Chapter 8 Chapter 8 roadmap Network Security · Chapter 8 Network Security A note on the use of...

12/22/2015

1

Chapter 8Network Security

A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers).

They’re in PowerPoint form so you can add, modify, and delete slides

(including this one) and slide content to suit your needs. They obviously

represent a lot of work on our part. In return for use, we only ask the following:

If you use these slides (e.g., in a class) in substantially unaltered form,

that you mention their source (after all, we’d like people to use our book!)

If you post any slides in substantially unaltered form on a www site, that

you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.

Thanks and enjoy! JFK/KWR

All material copyright 1996-2009J.F Kurose and K.W. Ross, All Rights Reserved

Computer Networking: A Top Down Approach ,5th edition. Jim Kurose, Keith RossAddison-Wesley, April 2009.

Chapter 8 roadmap

8.1 What is network security?

8.2 Principles of cryptography

8.3 Message integrity

8.4 Securing e-mail

8.5 Securing TCP connections: SSL

8.6 Network layer security: IPsec

8.7 Securing wireless LANs

8.8 Operational security: firewalls and IDS

What is network security?

-intruder-intercept, delete, add messages

What is network security?

Property of secure communication: Confidentiality: only sender, intended receiver

should “understand” message contents sender encrypts message

receiver decrypts message

End-to-end authentication: sender, receiver want to confirm identity of each other

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Operational security (access and availability):services must be accessible and available to users

12/22/2015

2

5

Types of Cryptography

Crypto often uses keys: Algorithm is known to everyone Only “keys” are secret

Public key cryptography Involves the use of two keys (pair of keys) One of key is know to both user (A and B), other key is

only known only by 1 user (either user A or B)

Symmetric key cryptography Involves the use one key Keys are identical and secret

Hash functions Involves the use of no keys Nothing secret: How can this be useful?

There are bad guys out there!

Q: What can a “bad guy” do?A: A lot! See section 1.6

eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address

in packet (or any field in packet) hijacking: “take over” ongoing connection by

removing sender or receiver, inserting himself in place

denial of service: prevent service from being used by others (e.g., by overloading resources)

Chapter 8 roadmap




8.4 Securing e-mail





8

The language of cryptography

(𝒎)

𝑲𝑨(𝒎) 𝑲𝑩(𝑲𝑨(𝒎))

(𝒎)

12/22/2015

3

9

Encryption scheme

Substitution cipher: substituting one thing for another

Caesar cipher and Monoalphabetic cipher: substitute one letter for another 𝒌 letter

plaintext : abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

Key: the mapping from the set of 26 letters to the set of 26 letters

Symmetric Key Cryptography

10

Breaking an encryption scheme scenario

Cipher-text only attack: intruder has ciphertext that can analyze

Two approaches: Search through all

keys: must be able to differentiate resulting plaintext from gibberish

Statistical analysis

Known-plaintext attack:intruder has some plaintext corresponding to some ciphertext eg, in monoalphabetic

cipher, trudy determines pairings for a,l,i,c,e,b,o,

Chosen-plaintext attack:intruder can get the cyphertext for some chosen plaintext

11

Polyalphabetic encryption

1. Use multiple monoalphabetic chipers

n monoalphabetic ciphers, M1,M2,…,Mn Cycling pattern:

For each new plaintext symbol, use subsequent monoalphabetic pattern in cyclic pattern

2. Using Vigenere Cipher Tabula Recta

12

12/22/2015

4

13

Two types of symmetric ciphers

Stream ciphers encrypt one bit at time

Block ciphers Break plaintext message in equal-size blocks

Encrypt each block as a unit

14

Stream Ciphers

Combine each bit of keystream with bit of plaintext to get bit of ciphertext

m(i) = ith bit of message

ks(i) = ith bit of keystream

c(i) = ith bit of ciphertext

c(i) = ks(i) m(i) ( = exclusive or)

m(i) = ks(i) c(i)

keystreamgenerator

key keystream

pseudo random

15

RC4 Stream Cipher

RC4 is a popular stream cipher Extensively analyzed and considered good

Key can be from 1 to 256 bytes

Used in WEP for 802.11

Can be used in SSL

See section 8.8!

16

Block ciphers

Message to be encrypted is processed in blocks of 𝒌 bits (e.g., 64-bit blocks).

1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext

Block cipher used in many secure Internet protocols, including PGP (for secure e-mail), SSL (for securing TCP connections), and IPsec (for securing the network-layer transport).

12/22/2015

5

17

Block ciphers

Example with 𝒌 = 𝟑:

1. what is the ciphertext for 010110001111 if k=3?2. what is the ciphertext for 010110001111 if k=4?

18

Block ciphers

How many possible mappings are there for k=3? How many 3-bit inputs? How many permutations of the 3-bit inputs?

In general, 2k! mappings; huge for k=64 Problem:

Table approach requires table with 264 entries, each entry with 64 bits

Table too big: instead use function that simulates a randomly permuted table

23 = 8

8! = 40,320

19

Cipher Block Chaining (CBC) Operation

1. Sender generates a random 𝒌-bit string, called the Initialization Vector (IV) or 𝒄(𝟎). The sender sends the IV to the receiver in cleartext.

2. For the first block, the sender calculates

𝒎 𝟏 𝒄(𝟎), that is, calculates the exclusive-orof the first block of cleartext with the IV. 𝒄(𝟏) = 𝑲𝑺(𝒎 𝟏 𝒄(𝟎)). The sender sends the encrypted block c(1) to the receiver.

3. For the 𝒊th block, the sender generates the 𝒊th

ciphertext block from 𝒄(𝒊) = 𝑲𝑺(𝒎(𝒊) 𝒄(𝒊 −𝟏)).

20

Cipher Block Chaining (CBC) Operation

4. Ciphertext of 1st block of plaintext 𝒄(𝒊) =𝑲𝑺(𝒎 𝒊 𝒄(𝟎)).

Ciphertext of 1th block of plaintext 𝒄(𝒊) =𝑲𝑺(𝒎 𝒊 𝒄(𝒊 − 𝟏)).

Plaintext: 𝒎(𝒊) = 𝑲𝑺(𝒄 𝒊 𝒄(𝒊 − 𝟏)).

12/22/2015

6

21

Public Key Cryptography

Involves the use of two keys (pair of keys) One of key is know to both user (A and B), other

key is only known only by 1 user (either user A or B)

22

Public key encryption algorithms

need K ( ) and K ( ) such thatB B. .

given public key K , it should be impossible to compute private key KB

B

Requirements:

1

2

RSA: Rivest, Shamir, Adelson algorithm

+ -

K (K (m)) = mBB

- +

+

-

23

Prerequisite: modular arithmetic

x mod n = remainder of x when divide by n Facts:

[(a mod n) + (b mod n)] mod n = (a+b) mod n[(a mod n) - (b mod n)] mod n = (a-b) mod n[(a mod n) * (b mod n)] mod n = (a*b) mod n

Thus(a mod n)d mod n = ad mod n

Example: x=14, n=10, d=2:(x mod n)d mod n = 42 mod 10 = 6xd = 142 = 196 xd mod 10 = 6

24

RSA: getting ready

A message is a bit pattern.

A bit pattern can be uniquely represented by an integer number.

Thus encrypting a message is equivalent to encrypting a number.

Example

m= 10010001 . This message is uniquely represented by the decimal number 145.

To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).

12/22/2015

7

25

RSA: Creating public/private key pair1. Choose two large prime numbers p, q.

(e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose e (with e

12/22/2015

8

Chapter 8 roadmap




8.4 Securing e-mail





31

Message Integrity

Allows communicating parties to verify that received messages are authentic. Content of message has not been altered

Source of message is who/what you think it is

Message has not been replayed

Sequence of messages is maintained

Let’s first talk about message digests

32

Message Digests

Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”

Note that H( ) is a many-to-1 function

H( ) is often called a “hash function”

Desirable properties: Easy to calculate

Irreversibility: Can’t determine m from H(m)

Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)

Seemingly random output

large message

m

H: HashFunction

H(m)

33

Internet checksum: poor message digest

12/22/2015

9

36

Message Authentication Code (MAC)

How we might perform message integrity? Sender creates message m and calculates

the hash H(m) (for example with SHA-1).

Adding H(m) to the message m, creating an extended message (m, H(m)) and send it to reciver.

Receiver receives an extended message (m, h) and calculates H(m).

37

Message Authentication Code (MAC)

Need authentification authentification key as a shared secret beetwen sender and receiver

How we might perform message integrity with authentification code? Sender creates message m + s and calculates

the hash H(m+s) MAC

Adding H(m+s) to the message m, creating an extended message (m,H(m+s)) and send it to reciver.

Receiver receives an extended message (m, h) and calculates H(m+s).

End-point authentication

Want to be sure of the originator of the message – end-point authentication.

Assuming Alice and Bob have a shared secret, will MAC provide end-point authentication.We do know that Alice created the message.

But did she send it?

41 44

Digital Signatures

Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document,

establishing he is document owner/creator.

Goal is similar to that of a MAC, except now use public-key cryptography

verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

12/22/2015

10

Chapter 8 roadmap




8.4 Securing e-mail





Secure e-mail

Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and KB(KS) to Bob.

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m )

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m )

KB(KS )+

Secure e-mail

Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m )

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m )

KB(KS )+

Secure e-mail (continued)

• Alice wants to provide sender authentication message integrity.

• Alice digitally signs message.• sends both message (in the clear) and digital signature.

H( ). KA( ).-

+ -

H(m )KA(H(m))-

m

KA-

Internet

m

KA( ).+

KA+

KA(H(m))-

mH( ). H(m )

compare

12/22/2015

11

Secure e-mail (continued)

• Alice wants to provide secrecy, sender authentication, message integrity.

Alice uses three keys: her private key, Bob’s public key, newly created symmetric key

H( ). KA( ).-

+

KA(H(m))-

m

KA-

m

KS( ).

KB( ).+

+

KB(KS )+

KS

KB+

Internet

KS

Chapter 8 roadmap




8.4 Securing e-mail





59

SSL and TCP/IP

Application

TCP

IP

Normal Application

Application

SSL

TCP

IP

Application with SSL

• SSL provides application programming interface (API)to applications• C and Java SSL libraries/classes readily available

Chapter 8 roadmap




8.4 Securing e-mail





12/22/2015

12

68

IP Security Protocol (IPsec)

Provides security at the network layer

IPsec secures IP datagrams between any two network-layer entities, including hosts and routers.

Many institutions (corporations, government branches, non-profit organizations, and so on) use IPsec to create virtual private networks (VPNs) that run over the public Internet.

69

What is confidentiality at the network-layer?

Between two network entities:

Sending entity encrypts the payloads of datagrams. Payload could be: TCP segment, UDP segment, ICMP message,

OSPF message, and so on.

All data sent from one entity to the other would be hidden:Web pages, e-mail, P2P file transfers, TCP SYN

packets, and so on.

That is, “blanket coverage”.

70

Virtual Private Networks (VPNs)

Institutions often want private networks for security. Costly! Separate routers, links, DNS

infrastructure.

With a VPN, institution’s inter-office traffic is sent over public Internet instead. But inter-office traffic is encrypted before

entering public Internet

71

Virtual Private Network (VPN)

12/22/2015

13

Chapter 8 roadmap




8.4 Securing e-mail





Firewalls

isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.

firewall

administerednetwork

publicInternet

firewall

Firewalls: Why

prevent denial of service attacks:

SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections

prevent illegal modification/access of internal data.

e.g., attacker replaces CIA’s homepage with something else

allow only authorized access to inside network (set of authenticated users/hosts)

three types of firewalls:

stateless packet filters

stateful packet filters

application gateways

Chapter 8 Chapter 8 roadmap Network Security · Chapter 8 Network Security A note on the use of...

Documents

Transcript of Chapter 8 Chapter 8 roadmap Network Security · Chapter 8 Network Security A note on the use of...