Transcript Security

Chapter 8: Network Security
Chapter goals:
• understand principles of network security:
– cryptography and its many uses beyond “confidentiality”
– authentication
– message integrity
– key distribution
• security in practice:
– firewalls
– security in application, transport, network, link layers
1-Apr-16
CPSC558 Advanced Computer Networks
Roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
What is network security?
Confidentiality: only sender, intended receiver should “understand” message contents
– sender encrypts message
– receiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access and Availability: services must be accessible and available to users
Friends and enemies: Alice, Bob, Trudy
• well-known in network security world
• Bob, Alice (lovers!) want to communicate “securely”
• Trudy (intruder) may intercept, delete, add messages
[Figure: Alice (data) → secure sender → channel carrying data, control messages → secure receiver → Bob (data); Trudy sits on the channel]
Who might Bob, Alice be?
• … well, real-life Bobs and Alices!
• Web browser/server for electronic transactions (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates
There are bad guys (and girls) out there!
Q: What can a “bad guy” do?
A: a lot!
– intercept messages
– actively insert messages into connection
– impersonation: can fake (spoof) source address in packet (or any field in packet)
– hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
– denial of service: prevent service from being used by others (e.g., by overloading resources)
more on this later ……
roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
The language of cryptography
[Figure: plaintext → encryption algorithm (Alice’s encryption key $K_A$) → ciphertext → decryption algorithm (Bob’s decryption key $K_B$) → plaintext]
symmetric key crypto: sender, receiver keys identical
public-key crypto: encryption key public, decryption key secret (private)
Symmetric key cryptography
substitution cipher: substituting one thing for another
– monoalphabetic cipher: substitute one letter for another
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext:  bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: How hard to break this simple cipher?
• brute force
• other?
Symmetric key cryptography
[Figure: plaintext message, m → encryption algorithm (key $K_{A-B}$) → ciphertext $K_{A-B}(m)$ → decryption algorithm (key $K_{A-B}$) → plaintext $m = K_{A-B}(K_{A-B}(m))$]
symmetric key crypto: Bob and Alice share (know) the same (symmetric) key: $K_{A-B}$
• e.g., key is knowing substitution pattern in monoalphabetic substitution cipher
• Q: how do Bob and Alice agree on key value?
Symmetric key crypto: DES
DES: Data Encryption Standard
• US encryption standard [NIST 1993]
• 56-bit symmetric key, 64-bit plaintext input
• How secure is DES?
– DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
– no known “backdoor” decryption approach
• making DES more secure:
– use three keys sequentially (3-DES) on each datum
Symmetric key crypto: DES
DES operation
initial permutation
16 identical “rounds” of function application, each using different 48 bits of key
final permutation
AES: Advanced Encryption Standard
• new (Nov. 2001) symmetric-key NIST standard, replacing DES
• processes data in 128 bit blocks
• 128, 192, or 256 bit keys
• brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
Public Key Cryptography
symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never “met”)?
public key cryptography
• radically different approach [Diffie-Hellman76, RSA78]
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver
Public key cryptography
[Figure: plaintext message, m → encryption algorithm (Bob’s public key $K_B^+$) → ciphertext $K_B^+(m)$ → decryption algorithm (Bob’s private key $K_B^-$) → plaintext message $m = K_B^-(K_B^+(m))$]
Public key encryption algorithms
Requirements:
1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$
RSA: Rivest, Shamir, Adleman algorithm
RSA: Choosing keys
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1).
5. Public key is (n,e). Private key is (n,d).
   $K_B^+ = (n,e)$, $K_B^- = (n,d)$
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
   $c = m^e \bmod n$ (i.e., remainder when $m^e$ is divided by n)
2. To decrypt received bit pattern, c, compute
   $m = c^d \bmod n$ (i.e., remainder when $c^d$ is divided by n)
Magic happens!
   $m = (m^e \bmod n)^d \bmod n$, where $c = m^e \bmod n$
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
encrypt:
letter   m    m^e       c = m^e mod n
l        12   1524832   17
decrypt:
c    c^d                                     m = c^d mod n   letter
17   481968572106750915091411825223071697    12              l
RSA: Why is that $m = (m^e \bmod n)^d \bmod n$
Useful number theory result: If p,q prime and n = pq, then:
   $x^y \bmod n = x^{y \bmod (p-1)(q-1)} \bmod n$
$(m^e \bmod n)^d \bmod n = m^{ed} \bmod n$
   $= m^{ed \bmod (p-1)(q-1)} \bmod n$   (using number theory result above)
   $= m^1 \bmod n$   (since we chose ed to be divisible by (p-1)(q-1) with remainder 1)
   $= m$
RSA: another important property
The following property will be very useful later:
   $K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$
   (left side: use public key first, followed by private key; right side: use private key first, followed by public key)
Result is the same!
roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
[Figure: Alice → Bob: “I am Alice”]
Failure scenario??
Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
[Figure: Trudy → Bob: “I am Alice”]
in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
[Figure: Alice → Bob: (Alice’s IP address, “I am Alice”)]
Failure scenario??
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address
[Figure: Trudy → Bob: (Alice’s IP address, “I am Alice”)]
Trudy can create a packet “spoofing” Alice’s address
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
[Figure: Alice → Bob: (Alice’s IP addr, Alice’s password, “I’m Alice”); Bob → Alice: (Alice’s IP addr, OK)]
Failure scenario??
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
[Figure: Alice → Bob: (Alice’s IP addr, Alice’s password, “I’m Alice”); Bob → Alice: (Alice’s IP addr, OK); Trudy → Bob: recorded (Alice’s IP addr, Alice’s password, “I’m Alice”)]
playback attack: Trudy records Alice’s packet and later plays it back to Bob
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
[Figure: Alice → Bob: (Alice’s IP addr, encrypted password, “I’m Alice”); Bob → Alice: (Alice’s IP addr, OK)]
Failure scenario??
Authentication: another try
Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
[Figure: Alice → Bob: (Alice’s IP addr, encrypted password, “I’m Alice”); Bob → Alice: (Alice’s IP addr, OK); Trudy → Bob: recorded (Alice’s IP addr, encrypted password, “I’m Alice”)]
record and playback still works!
Authentication: yet another try
Goal: avoid playback attack
Nonce: number (R) used only once-in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
[Figure: Alice → Bob: “I am Alice”; Bob → Alice: R; Alice → Bob: $K_{A-B}(R)$]
Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
Failures, drawbacks?
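The difference between ap3.1 and ap4.0 under a playback attack, as an added example that is not part of the original slides. HMAC-SHA256 stands in for “encrypted with shared secret key”, and the class, function and scenario names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def ap31_token(shared_key, password):
    """ap3.1: the protected password is the same bytes on every login."""
    return hmac.new(shared_key, password, hashlib.sha256).digest()


def ap31_check(shared_key, password, token):
    return hmac.compare_digest(ap31_token(shared_key, password), token)


class Bob:
    """Verifier side of ap4.0. HMAC-SHA256 plays the role of K_{A-B}(R) (assumption)."""

    def __init__(self, shared_key):
        self._key = shared_key
        self._pending = {}                    # claimed identity -> outstanding nonce R

    def challenge(self, claimed_identity):
        nonce = secrets.token_bytes(16)       # fresh, unpredictable R per attempt
        self._pending[claimed_identity] = nonce
        return nonce

    def check(self, claimed_identity, response):
        # pop() makes every R usable exactly once, even on a failed attempt
        nonce = self._pending.pop(claimed_identity, None)
        if nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def alice_respond(shared_key, nonce):
    """Prover side of ap4.0: return the keyed transform of Bob's nonce."""
    return hmac.new(shared_key, nonce, hashlib.sha256).digest()


def run_scenarios():
    key = secrets.token_bytes(32)             # constructed shared key K_{A-B}
    password = b"alice-password"              # constructed sample value
    results = {}

    # ap3.1: whatever was recorded on the wire is accepted again later.
    recorded31 = ap31_token(key, password)
    results["ap3.1 first login"] = ap31_check(key, password, recorded31)
    results["ap3.1 replay"] = ap31_check(key, password, recorded31)

    # ap4.0: the recorded response only answers the nonce it was computed for.
    bob = Bob(key)
    r = bob.challenge("Alice")
    recorded40 = alice_respond(key, r)
    results["ap4.0 live"] = bob.check("Alice", recorded40)
    results["ap4.0 replay, no challenge"] = bob.check("Alice", recorded40)
    bob.challenge("Alice")                    # Bob issues a new R
    results["ap4.0 replay, new nonce"] = bob.check("Alice", recorded40)
    return results


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:28s} accepted={accepted}")
```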
Authentication: ap5.0
ap4.0 requires shared symmetric key
• can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
[Figure: Alice → Bob: “I am Alice”; Bob → Alice: R; Alice → Bob: $K_A^-(R)$; Bob → Alice: “send me your public key”; Alice → Bob: $K_A^+$]
Bob computes $K_A^+(K_A^-(R)) = R$ and knows only Alice could have the private key, that encrypted R such that $K_A^+(K_A^-(R)) = R$
Is $K_A^+$ really Alice’s public key?
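ap5.0: security hole
Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
[Figure: message sequence with Trudy between Alice and Bob]
– Alice: “I am Alice”; Trudy to Bob: “I am Alice”
– Bob sends R; Trudy returns $K_T^-(R)$
– Bob: “Send me your public key”; Trudy returns $K_T^+$
– Trudy sends R to Alice; Alice returns $K_A^-(R)$
– Trudy: “Send me your public key”; Alice returns $K_A^+$
– Bob sends $K_T^+(m)$; Trudy gets $m = K_T^-(K_T^+(m))$, sends m to Alice encrypted with Alice’s public key, $K_A^+(m)$
– Alice computes $m = K_A^-(K_A^+(m))$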
ap5.0: security hole
Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
Difficult to detect:
• Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation)
• problem is that Trudy receives all messages as well!
Chapter 7 roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Message integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
Digital Signatures
Cryptographic technique analogous to handwritten signatures.
• sender (Bob) digitally signs document, establishing he is document owner/creator.
• verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
Digital Signatures
Simple digital signature for message m:
• Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$
[Figure: Bob’s message, m (“Dear Alice, Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob”) → public key encryption algorithm (Bob’s private key $K_B^-$) → $K_B^-(m)$: Bob’s message, m, signed (encrypted) with his private key]
Digital Signatures (more)
• Suppose Alice receives msg m, digital signature $K_B^-(m)$
• Alice verifies m signed by Bob by applying Bob’s public key $K_B^+$ to $K_B^-(m)$ then checks $K_B^+(K_B^-(m)) = m$.
• If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob’s private key.
Alice thus verifies that:
• Bob signed m.
• No one else signed m.
• Bob signed m and not m’.
Non-repudiation:
• Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m.
Message Digests
Computationally expensive to public-key-encrypt long messages
Goal: fixed-length, easy-to-compute digital “fingerprint”
• apply hash function H to m, get fixed size message digest, H(m).
[Figure: large message m → H: Hash Function → H(m)]
Hash function properties:
• many-to-1
• produces fixed-size msg digest (fingerprint)
• given message digest x, computationally infeasible to find m such that x = H(m)
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
• produces fixed length digest (16-bit sum) of message
• is many-to-one
But given message with given hash value, it is easy to find another message with same hash value:
message        ASCII format
I O U 1        49 4F 55 31
0 0 . 9        30 30 2E 39
9 B O B        39 42 D2 42
               B2 C1 D2 AC
message        ASCII format
I O U 9        49 4F 55 39
0 0 . 1        30 30 2E 31
9 B O B        39 42 D2 42
               B2 C1 D2 AC
different messages but identical checksums!
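The two IOU messages checked in code, as an added example that is not part of the original slides. It computes the 16-bit Internet checksum and the 32-bit column sum over the ASCII bytes of each message, then compares SHA-256 digests; the function names are assumptions.

```python
import hashlib

# The two messages from the slide, as ASCII bytes.
MSG_A = b"IOU100.99BOB"
MSG_B = b"IOU900.19BOB"


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                              # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
        total = (total & 0xFFFF) + (total >> 16)     # end-around carry
    return ~total & 0xFFFF


def word_sum32(data: bytes) -> int:
    """Sum of 32-bit words, the column arithmetic drawn on the slide."""
    data += b"\x00" * (-len(data) % 4)
    words = (int.from_bytes(data[i:i + 4], "big") for i in range(0, len(data), 4))
    return sum(words) & 0xFFFFFFFF


def compare(a: bytes, b: bytes) -> dict:
    """Report which digests can tell the two messages apart."""
    return {
        "checksum16_equal": internet_checksum(a) == internet_checksum(b),
        "sum32_equal": word_sum32(a) == word_sum32(b),
        "sha256_equal": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
    }


if __name__ == "__main__":
    for msg in (MSG_A, MSG_B):
        print(msg.decode(),
              f"checksum16={internet_checksum(msg):04X}",
              f"sum32={word_sum32(msg):08X}",
              f"sha256={hashlib.sha256(msg).hexdigest()[:16]}...")
    print(compare(MSG_A, MSG_B))
```

The sums collide because moving a value between two bytes in the same column leaves every column total unchanged, which is exactly the structure a cryptographic hash is designed not to have.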
Digital signature = signed message digest
Bob sends digitally signed message:
[Figure: large message m → H: Hash function → H(m) → digital signature (encrypt) with Bob’s private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$; m and $K_B^-(H(m))$ are sent together]
Alice verifies signature and integrity of digitally signed message:
[Figure: received large message m → H: Hash function → H(m); received encrypted msg digest $K_B^-(H(m))$ → digital signature (decrypt) with Bob’s public key $K_B^+$ → H(m); the two H(m) values are compared: equal?]
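The steps from the “RSA: Choosing keys” and “RSA: Encryption, decryption” slides, and the signed-digest scheme on this slide, as one added example that is not part of the original slides. It goes beyond the p=5, q=7 case by also signing a SHA-256 digest under a larger constructed key; function names are assumptions, and this is textbook RSA without padding.

```python
import hashlib
from math import gcd


def make_keys(p, q, e, d=None):
    """'RSA: Choosing keys': returns (public, private) = ((n, e), (n, d))."""
    n, z = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, z) != 1:
        raise ValueError("e must be < n and relatively prime to z")
    if d is None:
        d = pow(e, -1, z)          # smallest d with e*d mod z == 1 (Python 3.8+)
    elif (e * d) % z != 1:
        raise ValueError("e*d - 1 must be exactly divisible by z")
    return (n, e), (n, d)


def apply_key(key, x):
    """K(x) = x^k mod n; the same operation serves K+ and K-."""
    n, k = key
    if not 0 <= x < n:
        raise ValueError("value must be in [0, n)")
    return pow(x, k, n)


def digest_as_int(message, n):
    """H(m) reduced into [0, n) so the small modulus can process it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message):
    """Bob: K_B^-(H(m))."""
    return apply_key(private_key, digest_as_int(message, private_key[0]))


def verify(public_key, message, signature):
    """Alice: compare K_B^+(signature) with her own H(m)."""
    n = public_key[0]
    if not 0 <= signature < n:
        return False
    return apply_key(public_key, signature) == digest_as_int(message, n)


def slide_example():
    """The slides' numbers: p=5, q=7, e=5, d=29, letter 'l' encoded as m=12."""
    public, private = make_keys(5, 7, e=5, d=29)
    c = apply_key(public, 12)
    m = apply_key(private, c)
    # Private key first, then public key: the "important property".
    m_reversed = apply_key(public, apply_key(private, 12))
    return c, m, m_reversed


def signed_digest_example():
    # Constructed key from two Mersenne primes; far too small for real use.
    public, private = make_keys(2**61 - 1, 2**31 - 1, e=65537)
    message = b"Dear Alice, Oh, how I have missed you."
    signature = sign(private, message)
    genuine = verify(public, message, signature)
    altered = verify(public, message + b" PS: one more thing", signature)
    return genuine, altered


if __name__ == "__main__":
    print("c, m, m via private-then-public:", slide_example())
    # With z=24 the smallest valid d is 5, congruent to the slide's 29 mod z.
    print("smallest d for p=5, q=7, e=5:", make_keys(5, 7, 5)[1][1])
    print("signature accepted (genuine, altered):", signed_digest_example())
```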
Hash Function Algorithms
• MD5 hash function widely used (RFC 1321)
– computes 128-bit message digest in 4-step process.
– arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.
• SHA-1 is also used.
– US standard [NIST, FIPS PUB 180-1]
– 160-bit message digest
Chapter 7 roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
Trusted Intermediaries
Symmetric key problem:
• How do two entities establish shared secret key over network?
Solution:
• trusted key distribution center (KDC) acting as intermediary between entities
Public key problem:
• When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?
Solution:
• trusted certification authority (CA)
Key Distribution Center (KDC)
• Alice, Bob need shared symmetric key.
• KDC: server shares different secret key with each registered user (many users)
• Alice, Bob know own symmetric keys, $K_{A-KDC}$, $K_{B-KDC}$, for communicating with KDC.
[Figure: KDC holding $K_{A-KDC}$, $K_{B-KDC}$, $K_{P-KDC}$, $K_{X-KDC}$, $K_{Y-KDC}$, $K_{Z-KDC}$; Alice holds $K_{A-KDC}$, Bob holds $K_{B-KDC}$]
Key Distribution Center (KDC)
Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?
[Figure: message sequence]
– Alice → KDC: $K_{A-KDC}(A,B)$
– KDC generates R1
– KDC → Alice: $K_{A-KDC}(R1, K_{B-KDC}(A,R1))$; Alice knows R1
– Alice → Bob: $K_{B-KDC}(A,R1)$; Bob knows to use R1 to communicate with Alice
Alice and Bob communicate: using R1 as session key for shared symmetric encryption
Certification Authorities
• Certification authority (CA): binds public key to particular entity, E.
• E (person, router) registers its public key with CA.
– E provides “proof of identity” to CA.
– CA creates certificate binding E to its public key.
– certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”
[Figure: Bob’s public key $K_B^+$ and Bob’s identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → certificate for Bob’s public key, signed by CA]
Certification Authorities
• When Alice wants Bob’s public key:
– gets Bob’s certificate (Bob or elsewhere).
– apply CA’s public key to Bob’s certificate, get Bob’s public key
[Figure: Bob’s certificate → digital signature (decrypt) with CA public key $K_{CA}^+$ → Bob’s public key $K_B^+$]
A certificate contains:
• Serial number (unique to issuer)
• info about certificate owner, including algorithm and key value itself (not shown)
• info about certificate issuer
• valid dates
• digital signature by issuer
Chapter 7 roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
Firewalls
firewall: isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.
[Figure: administered network, firewall, public Internet]
Firewalls: Why
prevent denial of service attacks:
– SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections.
prevent illegal modification/access of internal data.
– e.g., attacker replaces CIA’s homepage with something else
allow only authorized access to inside network (set of authenticated users/hosts)
two types of firewalls:
– application-level
– packet-filtering
Packet Filtering
Should arriving packet be allowed in? Departing packet let out?
• internal network connected to Internet via router firewall
• router filters packet-by-packet, decision to forward/drop packet based on:
– source IP address, destination IP address
– TCP/UDP source and destination port numbers
– ICMP message type
– TCP SYN and ACK bits
Packet Filtering
• Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.
– All incoming and outgoing UDP flows and telnet connections are blocked.
• Example 2: Block inbound TCP segments with ACK=0.
– Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.
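The two filtering examples above applied to constructed packets, as an added example that is not part of the original slides. Example 1 is implemented by its stated effect (all UDP flows and all telnet dropped); the internal prefix, the addresses and the function names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.0.2.0/24")    # constructed internal prefix
TCP, UDP = 6, 17                         # IP protocol field values


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    ack: bool = False                    # TCP ACK bit


def is_inbound(pkt):
    return ip_address(pkt.src) not in INTERNAL and ip_address(pkt.dst) in INTERNAL


def rule_example1(pkt):
    """Example 1: no UDP flows and no telnet, in either direction."""
    if pkt.proto == UDP:
        return "drop"
    if pkt.proto == TCP and 23 in (pkt.sport, pkt.dport):
        return "drop"
    return None


def rule_example2(pkt):
    """Example 2: an inbound TCP segment with ACK=0 opens a connection from outside."""
    if pkt.proto == TCP and is_inbound(pkt) and not pkt.ack:
        return "drop"
    return None


RULES = (rule_example1, rule_example2)


def decide(pkt):
    """First matching rule wins; anything unmatched is forwarded."""
    for rule in RULES:
        if rule(pkt) == "drop":
            return "drop", rule.__name__
    return "forward", "default"


# Constructed sample traffic (documentation address ranges).
SAMPLE = {
    "outbound web SYN": Packet("192.0.2.15", "198.51.100.7", TCP, 50000, 443),
    "inbound SYN-ACK reply": Packet("198.51.100.7", "192.0.2.15", TCP, 443, 50000, ack=True),
    "inbound SYN to internal host": Packet("198.51.100.7", "192.0.2.15", TCP, 40000, 22),
    "outbound DNS over UDP": Packet("192.0.2.15", "198.51.100.53", UDP, 53000, 53),
    "outbound telnet": Packet("192.0.2.15", "198.51.100.7", TCP, 50001, 23),
    # Limit of a stateless filter: the ACK bit alone does not prove that an
    # internal host opened this connection, so the segment is forwarded.
    "inbound ACK, no prior connection": Packet("198.51.100.9", "192.0.2.15", TCP, 40001, 80, ack=True),
}


def run_sample():
    return {name: decide(pkt) for name, pkt in SAMPLE.items()}


if __name__ == "__main__":
    for name, (verdict, rule) in run_sample().items():
        print(f"{name:34s} {verdict:8s} ({rule})")
```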
Application gateways
• Filters packets on application data as well as on IP/TCP/UDP fields.
• Example: allow select internal users to telnet outside.
[Figure: host-to-gateway telnet session → application gateway → gateway-to-remote host telnet session; router and filter]
1. Require all telnet users to telnet through gateway.
2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections
3. Router filter blocks all telnet connections not originating from gateway.
Limitations of firewalls and gateways
• IP spoofing: router can’t know if data “really” comes from claimed source
• if multiple app’s. need special treatment, each has own app. gateway.
• client software must know how to contact gateway.
– e.g., must set IP address of proxy in Web browser
• filters often use all or nothing policy for UDP.
• tradeoff: degree of communication with outside world, level of security
• many highly protected sites still suffer from attacks.
Chapter 7 roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
Internet security threats
Mapping:
– before attacking: “case the joint” – find out what services are implemented on network
– Use ping to determine what hosts have addresses on network
– Port-scanning: try to establish TCP connection to each port in sequence (see what happens)
– nmap (http://www.insecure.org/nmap/) mapper: “network exploration and security auditing”
Countermeasures?
Internet security threats
Mapping: countermeasures
– record traffic entering network
– look for suspicious activity (IP addresses, ports being scanned sequentially)
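One way to apply the countermeasure above to recorded traffic, as an added example that is not part of the original slides. The log format (time, source, destination, destination port, TCP flag), the sample lines and the thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed connection log: time(s) src dst dport flag
SAMPLE_LOG = """\
1000.00 198.51.100.7 192.0.2.10 20 SYN
1000.05 198.51.100.7 192.0.2.10 21 SYN
1000.10 198.51.100.7 192.0.2.10 22 SYN
1000.15 198.51.100.7 192.0.2.10 23 SYN
1000.20 198.51.100.7 192.0.2.10 24 SYN
1000.25 198.51.100.7 192.0.2.10 25 SYN
1001.00 203.0.113.5 192.0.2.10 443 SYN
1003.00 203.0.113.5 192.0.2.10 443 SYN
1004.00 203.0.113.9 192.0.2.10 80 SYN
1004.50 203.0.113.9 192.0.2.10 443 SYN
"""


def longest_sequential_run(ports):
    """Length of the longest run of consecutive port numbers."""
    ordered = sorted(set(ports))
    best = run = 1 if ordered else 0
    for prev, cur in zip(ordered, ordered[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best


def find_scans(log_text, window=5.0, min_ports=5):
    """Flag a source that tries min_ports distinct ports on one host within window seconds."""
    events = defaultdict(list)                 # (src, dst) -> [(time, port)]
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[4] != "SYN":
            continue                           # only connection attempts count
        events[(fields[1], fields[2])].append((float(fields[0]), int(fields[3])))

    alerts = []
    for (src, dst), seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1                     # slide the time window forward
            ports = {port for _, port in seen[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append({
                    "src": src,
                    "dst": dst,
                    "ports": len(ports),
                    "sequential_run": longest_sequential_run(ports),
                })
                break                          # one alert per (src, dst) pair
    return alerts


if __name__ == "__main__":
    for alert in find_scans(SAMPLE_LOG):
        print(alert)
```

A client that retries the same port, or opens two or three services, stays below the threshold; the window and port count have to be tuned to the traffic a given network normally sees.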
Internet security threats
Packet sniffing:
– broadcast media
– promiscuous NIC reads all packets passing by
– can read all unencrypted data (e.g. passwords)
– e.g.: C sniffs B’s packets
[Figure: hosts A, B, C on a shared medium; packet src:B dest:A payload]
Countermeasures?
Internet security threats
Packet sniffing: countermeasures
– all hosts in organization run software that checks periodically if host interface in promiscuous mode.
– one host per segment of broadcast media (switched Ethernet at hub)
[Figure: hosts A, B, C; packet src:B dest:A payload]
Internet security threats
IP Spoofing:
– can generate “raw” IP packets directly from application, putting any value into IP source address field
– receiver can’t tell if source is spoofed
– e.g.: C pretends to be B
[Figure: hosts A, B, C; packet from C with src:B dest:A payload]
Countermeasures?
Internet security threats
IP Spoofing: ingress filtering
– routers should not forward outgoing packets with invalid source addresses (e.g., datagram source address not in router’s network)
– great, but ingress filtering can not be mandated for all networks
[Figure: hosts A, B, C; packet from C with src:B dest:A payload]
Internet security threats
Denial of service (DOS):
– flood of maliciously generated packets “swamp” receiver
– Distributed DOS (DDOS): multiple coordinated sources swamp receiver
– e.g., C and remote host SYN-attack A
[Figure: hosts A, B, C; many SYN segments converging on A]
Countermeasures?
Internet security threats
Denial of service (DOS): countermeasures
– filter out flooded packets (e.g., SYN) before reaching host: throw out good with bad
– traceback to source of floods (most likely an innocent, compromised machine)
[Figure: hosts A, B, C; many SYN segments converging on A]
Chapter 7 roadmap
• What is network security?
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Access control: firewalls
• Attacks and counter measures
• Security in many layers
a. Secure email
b. Secure sockets
c. IPsec
d. 802.11 WEP
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice computes $K_S(m)$ and $K_B^+(K_S)$ and sends both over the Internet; Bob applies $K_B^-(\cdot)$ to $K_B^+(K_S)$ to get $K_S$, then applies $K_S(\cdot)$ to $K_S(m)$ to get m]
Alice:
• generates random symmetric private key, $K_S$.
• encrypts message with $K_S$ (for efficiency)
• also encrypts $K_S$ with Bob’s public key.
• sends both $K_S(m)$ and $K_B^+(K_S)$ to Bob.
Secure e-mail
• Alice wants to send confidential e-mail, m, to Bob.
[Figure: Alice computes $K_S(m)$ and $K_B^+(K_S)$ and sends both over the Internet; Bob applies $K_B^-(\cdot)$ to $K_B^+(K_S)$ to get $K_S$, then applies $K_S(\cdot)$ to $K_S(m)$ to get m]
Bob:
• uses his private key to decrypt and recover $K_S$
• uses $K_S$ to decrypt $K_S(m)$ to recover m
Secure e-mail (continued)
• Alice wants to provide sender authentication, message integrity.
[Figure: Alice: m → $H(\cdot)$ → $K_A^-(\cdot)$ → $K_A^-(H(m))$, sent together with m over the Internet; Bob: applies $K_A^+(\cdot)$ to $K_A^-(H(m))$ to get H(m), applies $H(\cdot)$ to the received m to get H(m), and compares the two]
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
[Figure: Alice: m → $H(\cdot)$ → $K_A^-(\cdot)$ → $K_A^-(H(m))$; m and $K_A^-(H(m))$ together go through $K_S(\cdot)$; $K_S$ goes through $K_B^+(\cdot)$ to give $K_B^+(K_S)$; both results are sent over the Internet]
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key
Pretty good privacy (PGP)
• Internet e-mail encryption scheme, de-facto standard.
• uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.
• provides secrecy, sender authentication, integrity.
• inventor, Phil Zimmermann, was target of 3-year federal investigation.
A PGP signed message:
   ---BEGIN PGP SIGNED MESSAGE---
   Hash: SHA1
   Bob:My husband is out of town tonight.Passionately yours, Alice
   ---BEGIN PGP SIGNATURE---
   Version: PGP 5.0
   Charset: noconv
   yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
   ---END PGP SIGNATURE---
Secure sockets layer (SSL)
• transport layer security to any TCP-based app using SSL services.
• used between Web browsers, servers for e-commerce (shttp).
• security services:
– server authentication
– data encryption
– client authentication (optional)
• server authentication:
– SSL-enabled browser includes public keys for trusted CAs.
– Browser requests server certificate, issued by trusted CA.
– Browser uses CA’s public key to extract server’s public key from certificate.
• check your browser’s security menu to see its trusted CAs.
SSL (continued)
Encrypted SSL session:
• Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
• Using private key, server decrypts session key.
• Browser, server know session key
– All data sent into TCP socket (by client or server) encrypted with session key.
• SSL: basis of IETF Transport Layer Security (TLS).
• SSL can be used for non-Web applications, e.g., IMAP.
• Client authentication can be done with client certificates.
IPsec: Network Layer Security
• Network-layer secrecy:
– sending host encrypts the data in IP datagram
– TCP and UDP segments; ICMP and SNMP messages.
• Network-layer authentication
– destination host can authenticate source IP address
• Two principal protocols:
– authentication header (AH) protocol
– encapsulation security payload (ESP) protocol
• For both AH and ESP, source, destination handshake:
– create network-layer logical channel called a security association (SA)
• Each SA unidirectional.
• Uniquely determined by:
– security protocol (AH or ESP)
– source IP address
– 32-bit connection ID
Authentication Header (AH) Protocol
• provides source authentication, data integrity, no confidentiality
• AH header inserted between IP header, data field.
• protocol field: 51
• intermediate routers process datagrams as usual
AH header includes:
• connection identifier
• authentication data: source-signed message digest calculated over original IP datagram.
• next header field: specifies type of data (e.g., TCP, UDP, ICMP)
[Figure: IP header | AH header | data (e.g., TCP, UDP segment)]
ESP Protocol
• provides secrecy, host authentication, data integrity.
• data, ESP trailer encrypted.
• next header field is in ESP trailer.
• ESP authentication field is similar to AH authentication field.
• Protocol = 50.
[Figure: IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent., with spans marked “authenticated” and “encrypted”]
IEEE 802.11 security
• War-driving: drive around Bay area, see what 802.11 networks available?
– More than 9000 accessible from public roadways
– 85% use no encryption/authentication
– packet-sniffing and various attacks easy!
• Wired Equivalent Privacy (WEP): authentication as in protocol ap4.0
– host requests authentication from access point
– access point sends 128 bit nonce
– host encrypts nonce using shared symmetric key
– access point decrypts nonce, authenticates host
IEEE 802.11 security
• Wired Equivalent Privacy (WEP): data encryption
– Host/AP share 40 bit symmetric key (semi-permanent)
– Host appends 24-bit initialization vector (IV) to create 64-bit key
– 64 bit key used to generate stream of keys, $k_i^{IV}$
– $k_i^{IV}$ used to encrypt ith byte, $d_i$, in frame:
   $c_i = d_i \;\mathrm{XOR}\; k_i^{IV}$
– IV and encrypted bytes, $c_i$, sent in frame
802.11 WEP encryption
[Figure 7.8-new1: 802.11 WEP protocol, sender-side WEP encryption. The key sequence generator (for given $K_S$, IV) takes the per-frame IV and $K_S$, the 40-bit secret symmetric key, and outputs $k_1^{IV}, k_2^{IV}, k_3^{IV}, \ldots, k_N^{IV}, k_{N+1}^{IV}, \ldots, k_{N+4}^{IV}$. These are combined with the plaintext frame data plus CRC ($d_1, d_2, d_3, \ldots, d_N, CRC_1, \ldots, CRC_4$) to give $c_1, c_2, c_3, \ldots, c_N, c_{N+1}, \ldots, c_{N+4}$. Frame sent: 802.11 header | IV | WEP-encrypted data plus CRC]
Breaking 802.11 WEP encryption
Security hole:
• 24-bit IV, one IV per frame, -> IV’s eventually reused
• IV transmitted in plaintext -> IV reuse detected
• Attack:
– Trudy causes Alice to encrypt known plaintext $d_1\ d_2\ d_3\ d_4 \ldots$
– Trudy sees: $c_i = d_i \;\mathrm{XOR}\; k_i^{IV}$
– Trudy knows $c_i$, $d_i$, so can compute $k_i^{IV}$
– Trudy knows encrypting key sequence $k_1^{IV}\ k_2^{IV}\ k_3^{IV} \ldots$
– Next time IV is used, Trudy can decrypt!
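Why a repeated IV voids WEP's confidentiality, and the IV-repeat check a monitor can run over captured frames, as an added example that is not part of the original slides. RC4 is the key sequence generator WEP uses; the IV-first key layout, the omission of the CRC, the key, the IVs and the frame contents are assumptions or constructed values.

```python
from collections import Counter

KNOWN = b"known plaintext frame"     # constructed: content the observer already knows
OTHER = b"second frame, same IV"     # constructed: later frame under the same IV


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_like_encrypt(secret: bytes, iv: bytes, data: bytes):
    """c_i = d_i XOR k_i^IV; returns (IV, ciphertext) as carried in a frame."""
    return iv, xor(data, rc4_keystream(iv + secret, len(data)))


def reused_ivs(frames):
    """IVs travel in the clear, so repeats are visible without any key."""
    counts = Counter(iv for iv, _ in frames)
    return {iv.hex(): n for iv, n in counts.items() if n > 1}


def demo():
    secret = bytes.fromhex("0102030405")          # constructed 40-bit key
    frames = [
        wep_like_encrypt(secret, b"\x00\x00\x2a", KNOWN),
        wep_like_encrypt(secret, b"\x00\x00\x2b", b"unrelated frame"),
        wep_like_encrypt(secret, b"\x00\x00\x2a", OTHER),
    ]
    repeats = reused_ivs(frames)
    # c_i XOR d_i = k_i^IV: the key sequence falls out of one known frame ...
    keystream = xor(frames[0][1], KNOWN)
    # ... and opens every other frame sent under that IV, with no secret key.
    recovered = xor(frames[2][1], keystream)
    return repeats, recovered


if __name__ == "__main__":
    repeats, recovered = demo()
    print("IVs seen more than once:", repeats)
    print("frame recovered from reused key sequence:", recovered)
```

The weakness is independent of RC4 itself: any stream cipher whose key sequence repeats behaves this way, which is why a 24-bit per-frame IV under a semi-permanent key is too small.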
Network Security (summary)
Basic techniques…...
– cryptography (symmetric and public)
– authentication
– message integrity
– key distribution
…. used in many different security scenarios
– secure email
– secure transport (SSL)
– IP sec
– 802.11 WEP
Security Summary Review
Outline
Encryption Algorithms
Authentication Protocols
Message Integrity Protocols
Key Distribution
Firewalls
Overview
• Cryptography functions
– Secret key (e.g., DES)
– Public key (e.g., RSA)
– Message digest (e.g., MD5)
• Security services
– Privacy: preventing unauthorized release of information
– Authentication: verifying identity of the remote participant
– Integrity: making sure message has not been altered
[Figure: tree. Security → Cryptography algorithms (Secret key (e.g., DES); Public key (e.g., RSA); Message digest (e.g., MD5)) and Security services (Privacy; Authentication; Message integrity)]
Secret Key (DES)
[Figure: Plaintext → Encrypt with secret key → Ciphertext → Decrypt with secret key → Plaintext]
• 64-bit key (56-bits + 8-bit parity)
• 16 rounds
[Figure: Initial permutation → Round 1 → Round 2 → … → Round 16 → Final permutation, with the 56-bit key feeding the rounds]
• Each Round
[Figure: inputs $L_{i-1}$, $R_{i-1}$; function F with round key $K_i$; + combiner; outputs $L_i$, $R_i$]
• Repeat for larger messages
[Figure: IV; Block1 to Block4, each passing through + and then DES to give Cipher1 to Cipher4]
Public Key (RSA)
[Figure: Plaintext → Encrypt with public key → Ciphertext → Decrypt with private key → Plaintext]
• Encryption & Decryption
   $c = m^e \bmod n$
   $m = c^d \bmod n$
RSA (cont)
• Choose two large prime numbers p and q (each 256 bits)
• Multiply p and q together to get n
• Choose the encryption key e, such that e and (p - 1) x (q - 1) are relatively prime.
• Two numbers are relatively prime if they have no common factor greater than one
• Compute decryption key d such that
   $d = e^{-1} \bmod ((p - 1) \times (q - 1))$
• Construct public key as (e, n)
• Construct private key as (d, n)
• Discard (do not disclose) original primes p and q
Message Digest
• Cryptographic checksum
– just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.
• One-way function
– given a cryptographic checksum for a message, it is virtually
impossible to figure out what message produced that
checksum; it is not computationally feasible to find two
messages that hash to the same cryptographic checksum.
• Relevance
– if you are given a checksum for a message and you are able
to compute exactly the same checksum for that message,
then it is highly likely this message produced the checksum
you were given.
Authentication Protocols
• Three-way handshake
[Figure: three-way handshake between Client and Server.]
• Trusted third party (Kerberos)
[Figure: message exchange among S, A and B, with these messages:
  A, B
  E((T, L, K, B), K_A), E((T, L, K, A), K_B)
  E((A, T), K), E((T, L, K, A), K_B)
  E(T + 1, K)]
• Public key authentication
[Figure: public key authentication exchange between A and B.]
Message Integrity Protocols
• Digital signature using RSA
– special case of a message integrity where the code can only
have been generated by one participant
– compute signature with private key and verify with public key
• Keyed MD5
– sender: m + MD5(m + k) + E(k, private)
– receiver
• recovers random key using the sender’s public key
• applies MD5 to the concatenation of this random key and the message
• MD5 with RSA signature
– sender: m + E(MD5(m), private)
– receiver
• decrypts signature with sender’s public key
• compares result with MD5 checksum sent with message
Message Integrity Protocols
• Digital signature using RSA
– special case of a message integrity where the code can only
have been generated by one participant
– compute signature with private key and verify with public key
• Keyed MD5
– sender: m + MD5(m + k) + E(E(k, rcv-pub), private)
– receiver
• recovers random key using the sender’s public key
• applies MD5 to the concatenation of this random key and the message
• MD5 with RSA signature
– sender: m + E(MD5(m), private)
– receiver
• decrypts signature with sender’s public key
• compares result with MD5 checksum sent with message
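The "MD5 with RSA signature" exchange above, as an added example that is not part of the original slides: the sender computes E(MD5(m), private) and the receiver decrypts it with the public key and compares it with its own MD5 of the received message. The key is constructed from two Mersenne primes for the demonstration, the function names are assumptions, and RSA is applied without padding, as on the slide; MD5 is used only because the slide names it.

```python
import hashlib

# Constructed demo key: n exceeds 2^128, so every MD5 digest is below n.
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; needs Python 3.8+

def digest(m: bytes) -> int:
    """MD5(m) as an integer, ready for modular exponentiation."""
    return int.from_bytes(hashlib.md5(m).digest(), "big")

def sign(m: bytes) -> int:
    """Sender side: E(MD5(m), private)."""
    return pow(digest(m), D, N)

def send(m: bytes):
    """What goes on the wire: m + E(MD5(m), private)."""
    return m, sign(m)

def verify(m: bytes, sig: int) -> bool:
    """Receiver side: decrypt the signature with the sender's public key
    and compare the result with the MD5 of the message that arrived."""
    return pow(sig, E, N) == digest(m)

if __name__ == "__main__":
    m, sig = send(b"transfer 10 to Bob")          # constructed message
    print("intact:  ", verify(m, sig))
    print("altered: ", verify(b"transfer 1000 to Trudy", sig))
```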
Key Distribution
• Certificate
– special type of digitally signed document:
“I certify that the public key in this document belongs to the entity named in this document, signed X.”
– the name of the entity being certified
– the public key of the entity
– the name of the certification authority
– a digital signature
• Certification Authority (CA)
– administrative entity that issues certificates
– a certificate is useful only to someone who already holds the CA’s public key
Key Distribution (cont)
• Chain of Trust
– if X certifies that a certain public key belongs to Y, and Y certifies that another public key belongs to Z, then there exists a chain of certificates from X to Z
– someone that wants to verify Z’s public key has to
know X’s public key and follow the chain
• Certificate Revocation List
Firewalls
[Figure: a firewall sits between the rest of the Internet and the local site.]
• Filter-Based Solution
– example
( 192.12.13.14, 1234, 128.7.6.5, 80 )
(*,*, 128.7.6.5, 80 )
– default: forward or not forward?
– how dynamic?
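A filter in the slide's 4-tuple notation, as an added example that is not part of the original slides. It shows how the default policy decides the fate of unmatched packets and flags a rule that a broader rule already covers. The field order (source address, source port, destination address, destination port), the "forward" action attached to each rule and all names are assumptions.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: str
    dst: str
    dport: str

def parse_rule(text):
    """Parse '( 192.12.13.14, 1234, 128.7.6.5, 80 )'; '*' is a wildcard."""
    fields = tuple(f.strip() for f in text.strip().strip("()").split(","))
    if len(fields) != 4 or not all(fields):
        raise ValueError(f"expected 4 fields: {text!r}")
    return fields

def matches(rule, pkt):
    """Each field matches on '*' or on the exact packet value."""
    return all(r in ("*", v) for r, v in zip(rule, pkt))

def covers(broad, narrow):
    """True when every packet matched by `narrow` is also matched by `broad`."""
    return all(b in ("*", n) for b, n in zip(broad, narrow))

def decide(rules, pkt, default):
    """First match wins; a packet that matches no rule gets the default."""
    for rule, action in rules:
        if matches(rule, pkt):
            return action
    return default

def redundant(rules):
    """Indexes of rules covered by a different rule with the same action
    (removable when no rule with another action sits between the two)."""
    return [i for i, (r, a) in enumerate(rules)
            if any(j != i and a2 == a and r2 != r and covers(r2, r)
                   for j, (r2, a2) in enumerate(rules))]

# The slide's two filters; the "forward" action is an assumption.
RULES = [
    (parse_rule("( 192.12.13.14, 1234, 128.7.6.5, 80 )"), "forward"),
    (parse_rule("(*,*, 128.7.6.5, 80 )"), "forward"),
]
# Constructed packets: one to port 80, one to port 22 on the same host.
WEB = Packet("10.0.0.9", "40000", "128.7.6.5", "80")
SSH = Packet("10.0.0.9", "40001", "128.7.6.5", "22")
```

With a default of "drop" only the port-80 packet is forwarded; with a default of "forward" both rules are decorative, because every packet passes either way.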
Proxy-Based Firewalls
• Problem: complex policy
• Example: web server
[Figure: a remote company user and a random external user reach the web server on the company net across the Internet, through the firewall.]
• Solution: proxy
[Figure: the external client holds an external HTTP/TCP connection to the proxy on the firewall; the proxy holds an internal HTTP/TCP connection to the local server.]
• Design: transparent vs. classical
• Limitations: attacks from within
Denial of Service
• Attacks on end hosts
– SYN attack
• Attacks on routers
– Christmas tree packets
– pollute route cache
• Authentication attacks
• Distributed DoS attacks