Transcript Cryptography_Lecture

Network Security
V.T. Raja and James Coakley
Oregon State University
Outline
• Introduction
– Imperative need for secure communication
• Increasing # of security incidences
• Cost of downtime
• Customer privacy/satisfaction etc.
• Characteristics of a secure communication
• Cryptography
Imperative Need for Secure Communication
Reported Security Incidents up to 1995
Source: CERT.ORG
Slide provided by guest speaker Kris Rosenberg
Reported Security Incidents 1995 – 2003
Source: http://www.cert.org/present/cert-overview-trends/module-1.pdf
Slide provided by guest speaker Kris Rosenberg
CERT
Source: http://www.us-cert.gov/
What does CERT do?
Imperative Need for Secure Communication
Cost of downtime
Slide provided by guest speaker Kris Rosenberg
General example for today’s lecture
• Assume Bob and Alice are illicit lovers.
• Assume Trudy is Bob’s spouse
• Alice and Bob could represent:
– a client and a server
– 2 servers
– 2 routers
– 2 business partners in a B2B transaction
– a bank and a customer
Secure Communication
• Characteristics of a secure communication
– Confidentiality
– Authentication
– Message Integrity and non-repudiation
– Availability and Access Control
Confidentiality
• Alice wants the following to be
confidential:
– The fact that she is communicating with Bob
– Timing of communication
– Frequency of communication
• Only Alice and Bob should be able to
understand the contents of the transmitted
message; Should not be understood by
eavesdropper (Trudy).
Confidentiality Relies On Cryptography
• Confidentiality often relies on
cryptographic techniques for encrypting/
decrypting data using one or more keys to
encrypt/decrypt data
• We will learn some basics about
cryptography in today’s lecture
Authentication
• Both sender and receiver should be able
to confirm identity of other party involved
in communication
– Confirm that the other party is indeed
who/what they claim to be
• Authentication relies on authentication
techniques, several of which rely on
cryptographic techniques
Message Integrity and
Non-Repudiation
• Content of communication is not altered
maliciously or by accident
• Message integrity also relies on
cryptographic techniques
• Non-repudiation = not denying what was
communicated
Availability
• Can communication occur in first place?
Hackers preventing infrastructure from being
used by legitimate users – e.g., viruses, DoS
attacks
• Detect breaches and respond to attacks
Access Control
• Entities allowed to gain access to resources
only if they have the appropriate access rights
(e.g., login ID, passwords, biometric devices)
• Facilitated by firewalls, which provide access
control based on a per-packet basis, and on a
per-service basis.
• Provide a degree of isolation and protection
from those outside of one’s network
Network Security – Part 2
Cryptography
• Symmetric Key Cryptography
• Public Key Cryptography
Symmetric Key Cryptography
• Symmetric Key Cryptography
–
–
–
–
–
–
Caesar Cipher
Monoalphabetic Cipher
Polyalphabetic Cipher
Data Encryption Standard (DES)
Triple DES (3DES)
Advanced Encryption Standard (AES)
• Trusted Intermediaries for symmetric key
distribution
– Key Distribution Center (KDC)
– Kerberos
Basic Terminology
• Plain Text
– Original data – not disguised
• Cipher (Encrypted) Text
– Disguised data – looks unintelligible to intruder
– Data disguised using encryption algorithm
• Key
– A string of #s or characters used as input to
encryption algorithm to disguise plain text
– Symmetric Key: Alice and Bob use same key to
encrypt and decrypt text
Symmetric Key Cryptography
• Caesar Cipher
– Each letter in plaintext is substituted with letter that is
K letters later
– Wrap around is allowed (i.e., z followed by letter a)
– If K = 3, a in plaintext becomes d in cipher text
b in plaintext becomes e in cipher text
– Example: Decrypt the following using a Caesar
Cipher of K =3; Assume ‘wrap around’ is allowed.
“ere, l oryh brx. Dolfh”
Once it is known that Caesar cipher is being used, it is
easy to break the code (only 25 possible key values).
Symmetric Key Cryptography
• Monoalphabetic Cipher
– Improvement on Caesar Cipher
– No regular pattern – any letter can be substituted for any other
letter, as long as each letter has a unique substitute letter, and
vice versa. Example follows:
Plain Text:
abcdefghijklmnopqrstuvwxyz
Cipher Text: m n b v c x z a s d f g h j k l p o i u y t r e w q
Example: Find cipher text for “Bob, I love you. Alice” using above
monoalphabetic cipher.
26! Possible pairings of letters – so breaking code is not as easy as
in the case of Caesar cipher. Usually statistical analysis of plain
text language can help in breaking the code faster.
Symmetric Key Cryptography
• Polyalphabetic Encryption
– Use multiple monoalphabetic/Caesar ciphers
– Use a specific monoalphabetic/Caesar cipher to
encode a letter in a specific position in the plain text
message
– This implies that same letter appearing in different
positions in the plaintext might be encoded differently.
Example: 2 Caesar ciphers; K = 5, K = 19
For every 5 bits in the plain text use the 2 Caesar
ciphers in the following pattern: C1, C2, C2, C1, C2
Example: Using K= 5 and K =19, find cipher text for
“Bob, I love you.”
Symmetric Key Cryptography
• Data Encryption Standard (DES)
– Published in 1977, and updated in 1993
– For commercial and non-classified U.S. Govt. use
– Encodes plaintext using 56-bit key
Objective: Scramble data and key so that every bit of
the cipher text depends on every bit of the data and
every bit of the key
– Algorithm: Complex (beyond the scope of the course);
Decryption works by reversing the algorithm’s
operations.
How well does DES work?
• In 1997 RSA Data Security Inc., ( A network security
company) launched a DES challenge contest to crack a
short phrase (“strong cryptography makes the world a
safer place”) it had encrypted using a 56-bit DES.
• Winning team took 4 months to decode. It had
volunteers throughout the Internet to systematically
explore key space. Claimed 10K cash prize after testing
only a quarter of the key space (about 18 quadrillion
keys)
• In 1999, RSA launched another DES challenge.
• Message was decrypted in little over 22 hours by a
network of volunteers and a special purpose computer
called “Deep Crack”. Claimed 250 K cash prize. Not
bad for a day’s work?
Symmetric Key Cryptography
• Triple DES (3 DES)
– If 56-bit DES is considered to be insecure, one can
simply run the algorithm multiple times, using a
different key each time
– DES run three times (with a different 56-bit key at
beginning of each time DES is run).
• Advanced Encryption Standard (AES)
– NIST – in Nov 2001 announced successor to DES.
– AES is also a symmetric key algorithm that processes
data in 128-bit blocks
– AES can operate with 128-bit keys, 192-bit keys, and
256-bit keys
Trusted Intermediaries
• Disadvantage of Symmetric Key
Cryptography:
– 2 communicating parties have to agree upon their
secret key ahead of time in a secure manner.
• Since sender and receiver do not meet face to
face in the networking world , they need a
trusted intermediary
– Trusted Intermediaries:
• Key Distribution Center
• Kerberos
Key Distribution Center (KDC)
• A server that shares a different secret
symmetric key with each registered user.
• KDC knows the secret key of each user, and
each user can communicate securely with KDC
using this key.
• Assume Alice and Bob use KDC for their
communication.
– Assume Alice’s secret key known to Alice and KDC is
KA-KDC
– Assume Bob’s secret key known to Bob and KDC is
KB-KDC.
Example: Alice and BOB using KDC
1. Using her key, Alice sends a message to
KDC saying that she (A) wants to
communicate with Bob (B). We denote
this message as KA-KDC(A, B).
2. a. KDC decrypts KA-KDC(A, B).
b. KDC generates a random number R1, which
is to be used as symmetric key by Alice and
Bob during their communication.
Example: Alice and BOB using KDC
2 c. KDC sends Alice R1, and a pair of values A and R1
encrypted using Bob’s key. We denote this message
sent to Alice by KDC as:
KA-KDC(R1, KB-KDC(A, R1)).
3. Alice decrypts message and extracts symmetric key R1.
Alice extracts and forwards (although she cannot
decrypt)
KB-KDC(A, R1) to Bob.
4. Bob decrypts and understands that he is to use R1 as
symmetric key to converse with person A (Alice).
5. Bob and Alice communicate using symmetric key R1
Kerberos
• Developed by MIT
• Very similar to KDC
• Has additional functions such as:
– Time stamp for validity of “nonce” R1.
– Has info about which users have access
privileges to which services on which network
servers.
Public Key Cryptography
• Public keys and Private keys
• RSA Algorithm
• Authentication
• Authentication Protocol (ap)
– ap 1.0, 2.0, 3.0, 3.1, 4.0, 5.0
– Exchanging Public Keys
» Man (Woman) in the middle-attack
Introduction - Public Key Cryptography
• Is it possible for two parties to communicate
using encryption/decryption without using a
shared secret key?
– Yes. Using public key cryptography
• A radically different and marvelously elegant
approach towards encryption/decryption
• Public key cryptography is useful not only for
encryption/decryption, but also for authentication
and digital signatures as well.
Basic Idea of Public Key Cryptography
• Each participant has a private key (known only
to the participant) and a public key.
• The public key is created with one’s private key.
• Public key is made available to others and could
be posted even on a website which is accessible
by the rest of the world.
• Public key of recipient is used by sender to
encrypt message.
• Recipient decrypts message using recipient’s
private key.
Public Key Cryptography
• Example:
– Alice wishes to send a message to Bob.
– Alice fetches Bob’s public key.
– Alice uses Bob’s public key to encrypt
message
– Alice sends encrypted message to Bob.
– Bob decrypts cipher text with Bob’s private
key.
Notation and Choice of Keys
• Assume Alice’s plain text message, (which has
to be encrypted and then sent to Bob) is denoted
as m.
• Assume Bob’s public key is denoted as KB+ and
his private key is denoted as KB-.
• These keys are chosen such that:
KB- (KB+ (m)) = KB+ (KB- (m)) = m
RSA algorithm (named after its founders, Ron Rivest,
Adi Shamir, and Leonard Adleman) has become
almost synonymous with public key cryptography.
RSA and DES/AES
• RSA is a complex algorithm and uses concepts
from number theory.
• DES is at least 100 times faster than RSA.
• In practice, RSA is often used in combination
with DES or AES.
– Message is encrypted using DES key
– Alice encrypts DES key with Bob’s public key
– Bob decrypts and obtains DES key with his private
key.
– Message is decrypted using DES key
Authentication
• ap 1.0
– Alice announces to Bob, “I am Alice.”
• Trudy could have sent this message.
• ap 2.0
– Alice announces to Bob, “I am Alice”, and
asks Bob to authenticate her by matching
source IP (in IP header) with Alice’s IP.
• Trudy could have sent this message if she had
done IP spoofing.
Authentication
• ap 3.0
– Alice announces to Bob, “I am Alice”, and asks Bob to
authenticate her by verifying her plaintext password.
• Trudy may have already eavesdropped earlier, and have stolen
Alice’s plaintext password during an earlier conversation between
Alice and Bob. Now, Trudy could send the message, “I am Alice” by
using Alice’s plaintext password.
• ap 3.1
– Alice announces to Bob, “I am Alice”, and asks Bob to
authenticate her by verifying her encrypted password, which is
kept the same for different communication sessions between
Bob and Alice.
• Same disadvantage mentioned in ap 3.0 still exists. Note that Trudy
need not decrypt the password. She could still eavesdrop, steal
encrypted password, and then perform a “playback attack” on Bob.
Authentication
• ap 4.0
– Alice announces to Bob, “I am Alice.”
– Bob sends a plaintext nonce (= r) to Alice.
• Note that nonce is a one time value that is specific to that
communication session. It is not repeated again in another session.
So “playback attack” is not possible.
– Alice resends same nonce back to Bob but this time nonce is
encrypted with symmetric key used by Alice and Bob.
– Bob decrypts nonce using symmetric key. If decrypted nonce
equals the nonce he sent Alice earlier (i.e. decrypted nonce = r) ,
then Alice is authenticated.
– However, this implies that Alice and Bob must have decided
upon and exchanged their symmetric key.
Authentication
• ap 5.0
– Alice announces to Bob, “I am Alice.”
– Bob sends a plaintext nonce (= r) to Alice.
• Since nonce is a one-time value, “playback attack” is not
possible.
– Alice resends same nonce back to Bob but this time
nonce is encrypted with Alice’s private key.
– Bob decrypts nonce using Alice’s public key. If
decrypted nonce equals the nonce he sent Alice
earlier (i.e. decrypted nonce = r) , then Alice is
authenticated.
Exchanging Public Keys
• Why should public key be publicly
available?
• Wouldn’t it be better for Alice and Bob to
exchange their respective public keys via
e-mail, after authenticating each other?
– Due to possibility of “man (woman) in the
middle attack.”
Man (Woman) in the Middle Attack
•
•
•
•
Alice transmits, “I am Alice.”
Trudy eavesdrops.
Bob sends a nonce = r.
Trudy intercepts nonce, and
sends Bob encrypted nonce
(encrypted using her private
key).
• Bob sends a message to Alice
asking her for a public key.
• Trudy intercepts message, and
sends Bob Trudy’s public key.
• Bob decrypts nonce with
Trudy’s public key (thinking
that he is using Alice’s public
key), and inadvertently
authenticates Trudy.
• While Bob is encrypting new
data using Trudy’s public key,
Trudy is busy posing as Bob to
Alice. In particular,
– Trudy transmits Bob’s nonce
to Alice
– Alice transmits encrypted
nonce (encrypted using Alice’s
private key).
– Trudy intercepts encrypted
nonce, and asks Alice for her
public key.
– Alice sends her public key
Man (Woman) in the Middle Attack
• Bob sends encrypted data (encrypted using Trudy’s
public key)
• Trudy decrypts using her private key, and finds out Bob’s
plain text.
• Trudy encrypts Bob’s plain text using Alice’s public key.
• Trudy transmits encrypted text to Alice.
• Alice decrypts using her private key, and finds out Bob’s
plain text.
• Alice and Bob are happy that they have had a secure
communication. They are ignorant of the fact that Trudy
has intercepted and decrypted Bob’s message to Alice.
Digital Signatures and
Message Digests
• Assume Bob wants to digitally sign a
“document,” m.
• Bob’s digital signature could be KB- (m)
• Due to complexity of RSA, digital
signatures are applied to “fingerprints”
instead of being applied to message m.
• Fingerprint – H(m) – where H denotes a
“hash algorithm”
• Bob’s digital signature is KB- (H(m))
Message Digests
• Message Digest (Hash) algorithms:
– MD5
– SHA-1
• Secure Hash Algorithm is a U.S. federal standard
• Required for use whenever a secure message digest
algorithm is required for federal applications
• Produces a 160-bit message digest.
• Longer the output length, the more secure SHA-1
• SHA-224, SHA-256, SHA-384, and SHA-512, which despite
the similarity of names, are actually fairly different algorithms
to SHA-1 and have much wider safety margins.
Public Key Certification
• PK cryptography – possible for two entities
to exchange secret messages without
having to exchange secret keys.
• Communicating entities have to exchange
public keys (without being subject to “man
in the middle attack”).
• Binding a public key to a particular entity is
typically done by a Certification Authority
(CA).
Certification Authority
• A CA verifies that an entity is who it claims to be.
• After verification, CA creates a certificate that
binds the public key of the entity to the identity.
• Certificate
– includes a public key
– includes globally unique identifying information about
owner of the public key
– Is digitally signed by CA
(Internet Explorer – Tools, Internet Options, Content,
Certificates)
Availability and Access Control
• Some attacks
• Firewalls
Examples of some attacks
• Denial of Service attacks
– “Ping” attacks
– SYN flood attack
• Distributed Denial of Service attacks
Terminology
• Terminology
– IP Spoofing
– Ping
– TCP
• Packet Numbers (also known as Sequence#s)
• Acknowledgement Numbers
• Port IDs (Port Scanning, mapping)
– Telnet
• Denial of Service (DoS) Attack
– Smurf Attack
– SYN Flood Attack
– Half-open telnet sessions
• Distributed DoS Attack
• Firewalls
– Packet level firewall
– Application level firewall
• Network Address Translation
– NAT Server
Ping Packets
• Ping packets
– Packets that ask a computer to respond with
an acknowledgement
– Used to see if a computer is still operational in
a network
• e.g., Ping by computer name
» Ping bus.orst.edu
Ping by IP address
» Ping 128.193.76.73
Denial of Service (DoS) Attack
•
•
Hacker attempts to disrupt the network by flooding the network with
messages so that the network cannot process messages from legitimate
users
Examples:
1. Hacker’s program continuously pings target computer.
– Consequence:
– Solution:
2. Hacker’s program continuously send “ping” requests to the target that list the
target as the sender
– Consequence:
– Solution:
3. Smurf attack:
What is a smurf attack?
What is the consequence of a smurf attack?
4. SYN Flood attack:
What is a SYN flood attack?
What is the consequence of such an attack?
TCP SYN for a simple Telnet application
• TCP stands for: Transmission Control
Protocol
• SYN stands for: Synchronize Sequence
Numbers
SYN Flood Attack
•
•
•
•
•
Attacker (client) sends a TCP SYN (Synchronize
Sequence/Packet Number) request to server.
The server responds by sending a TCP SYN/ACK
packet.
The attacker does not respond – resulting in halfopen session using up server resources.
The attacker sends a flood of such TCP SYN
requests without responding.
Requests from other legitimate clients are unable to
reach the server due to multiple half-open sessions
Distributed DoS (DDos) attack
• In A DDoS attack, a hacker first gains control of
hundreds/thousands of computers (slaves).
• Plants software referred to as DDoS agent on
each of the slaves
• Hacker then uses software referred to as DDoS
handler (master) to control the agents (slaves)
• Attacker launches attacks from all the slaves
and it is difficult to trace hacker
High Profile Victims of DDoS
• Yahoo, eBay, Amazon, Microsoft and eTrade
websites have been rendered inaccessible to
legitimate visitors after being flooded with traffic
from hundreds of hijacked system
• www.msn.com; www.expedia.com;
www.carpoint.com sites were flooded with DDoS
attack for almost one day
• DDoS attack high-level DNS servers on the
Internet