Chapter 8 Chapter 8 roadmap Network Security · Chapter 8 Network Security A note on the use of...
Transcript of Chapter 8 Chapter 8 roadmap Network Security · Chapter 8 Network Security A note on the use of...
-
12/22/2015
1
Chapter 8Network Security
A note on the use of these ppt slides:We’re making these slides freely available to all (faculty, students, readers).
They’re in PowerPoint form so you can add, modify, and delete slides
(including this one) and slide content to suit your needs. They obviously
represent a lot of work on our part. In return for use, we only ask the following:
If you use these slides (e.g., in a class) in substantially unaltered form,
that you mention their source (after all, we’d like people to use our book!)
If you post any slides in substantially unaltered form on a www site, that
you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.
Thanks and enjoy! JFK/KWR
All material copyright 1996-2009J.F Kurose and K.W. Ross, All Rights Reserved
Computer Networking: A Top Down Approach ,5th edition. Jim Kurose, Keith RossAddison-Wesley, April 2009.
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
What is network security?
-intruder-intercept, delete, add messages
What is network security?
Property of secure communication: Confidentiality: only sender, intended receiver
should “understand” message contents sender encrypts message
receiver decrypts message
End-to-end authentication: sender, receiver want to confirm identity of each other
Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Operational security (access and availability):services must be accessible and available to users
-
12/22/2015
2
5
Types of Cryptography
Crypto often uses keys: Algorithm is known to everyone Only “keys” are secret
Public key cryptography Involves the use of two keys (pair of keys) One of key is know to both user (A and B), other key is
only known only by 1 user (either user A or B)
Symmetric key cryptography Involves the use one key Keys are identical and secret
Hash functions Involves the use of no keys Nothing secret: How can this be useful?
There are bad guys out there!
Q: What can a “bad guy” do?A: A lot! See section 1.6
eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address
in packet (or any field in packet) hijacking: “take over” ongoing connection by
removing sender or receiver, inserting himself in place
denial of service: prevent service from being used by others (e.g., by overloading resources)
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
8
The language of cryptography
(𝒎)
𝑲𝑨(𝒎) 𝑲𝑩(𝑲𝑨(𝒎))
(𝒎)
-
12/22/2015
3
9
Encryption scheme
Substitution cipher: substituting one thing for another
Caesar cipher and Monoalphabetic cipher: substitute one letter for another 𝒌 letter
plaintext : abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Key: the mapping from the set of 26 letters to the set of 26 letters
Symmetric Key Cryptography
10
Breaking an encryption scheme scenario
Cipher-text only attack: intruder has ciphertext that can analyze
Two approaches: Search through all
keys: must be able to differentiate resulting plaintext from gibberish
Statistical analysis
Known-plaintext attack:intruder has some plaintext corresponding to some ciphertext eg, in monoalphabetic
cipher, trudy determines pairings for a,l,i,c,e,b,o,
Chosen-plaintext attack:intruder can get the cyphertext for some chosen plaintext
11
Polyalphabetic encryption
1. Use multiple monoalphabetic chipers
n monoalphabetic ciphers, M1,M2,…,Mn Cycling pattern:
For each new plaintext symbol, use subsequent monoalphabetic pattern in cyclic pattern
2. Using Vigenere Cipher Tabula Recta
12
-
12/22/2015
4
13
Two types of symmetric ciphers
Stream ciphers encrypt one bit at time
Block ciphers Break plaintext message in equal-size blocks
Encrypt each block as a unit
14
Stream Ciphers
Combine each bit of keystream with bit of plaintext to get bit of ciphertext
m(i) = ith bit of message
ks(i) = ith bit of keystream
c(i) = ith bit of ciphertext
c(i) = ks(i) m(i) ( = exclusive or)
m(i) = ks(i) c(i)
keystreamgenerator
key keystream
pseudo random
15
RC4 Stream Cipher
RC4 is a popular stream cipher Extensively analyzed and considered good
Key can be from 1 to 256 bytes
Used in WEP for 802.11
Can be used in SSL
See section 8.8!
16
Block ciphers
Message to be encrypted is processed in blocks of 𝒌 bits (e.g., 64-bit blocks).
1-to-1 mapping is used to map k-bit block of plaintext to k-bit block of ciphertext
Block cipher used in many secure Internet protocols, including PGP (for secure e-mail), SSL (for securing TCP connections), and IPsec (for securing the network-layer transport).
-
12/22/2015
5
17
Block ciphers
Example with 𝒌 = 𝟑:
1. what is the ciphertext for 010110001111 if k=3?2. what is the ciphertext for 010110001111 if k=4?
18
Block ciphers
How many possible mappings are there for k=3? How many 3-bit inputs? How many permutations of the 3-bit inputs?
In general, 2k! mappings; huge for k=64 Problem:
Table approach requires table with 264 entries, each entry with 64 bits
Table too big: instead use function that simulates a randomly permuted table
23 = 8
8! = 40,320
19
Cipher Block Chaining (CBC) Operation
1. Sender generates a random 𝒌-bit string, called the Initialization Vector (IV) or 𝒄(𝟎). The sender sends the IV to the receiver in cleartext.
2. For the first block, the sender calculates
𝒎 𝟏 𝒄(𝟎), that is, calculates the exclusive-orof the first block of cleartext with the IV. 𝒄(𝟏) = 𝑲𝑺(𝒎 𝟏 𝒄(𝟎)). The sender sends the encrypted block c(1) to the receiver.
3. For the 𝒊th block, the sender generates the 𝒊th
ciphertext block from 𝒄(𝒊) = 𝑲𝑺(𝒎(𝒊) 𝒄(𝒊 −𝟏)).
20
Cipher Block Chaining (CBC) Operation
4. Ciphertext of 1st block of plaintext 𝒄(𝒊) =𝑲𝑺(𝒎 𝒊 𝒄(𝟎)).
Ciphertext of 1th block of plaintext 𝒄(𝒊) =𝑲𝑺(𝒎 𝒊 𝒄(𝒊 − 𝟏)).
Plaintext: 𝒎(𝒊) = 𝑲𝑺(𝒄 𝒊 𝒄(𝒊 − 𝟏)).
-
12/22/2015
6
21
Public Key Cryptography
Involves the use of two keys (pair of keys) One of key is know to both user (A and B), other
key is only known only by 1 user (either user A or B)
22
Public key encryption algorithms
need K ( ) and K ( ) such thatB B. .
given public key K , it should be impossible to compute private key KB
B
Requirements:
1
2
RSA: Rivest, Shamir, Adelson algorithm
+ -
K (K (m)) = mBB
- +
+
-
23
Prerequisite: modular arithmetic
x mod n = remainder of x when divide by n Facts:
[(a mod n) + (b mod n)] mod n = (a+b) mod n[(a mod n) - (b mod n)] mod n = (a-b) mod n[(a mod n) * (b mod n)] mod n = (a*b) mod n
Thus(a mod n)d mod n = ad mod n
Example: x=14, n=10, d=2:(x mod n)d mod n = 42 mod 10 = 6xd = 142 = 196 xd mod 10 = 6
24
RSA: getting ready
A message is a bit pattern.
A bit pattern can be uniquely represented by an integer number.
Thus encrypting a message is equivalent to encrypting a number.
Example
m= 10010001 . This message is uniquely represented by the decimal number 145.
To encrypt m, we encrypt the corresponding number, which gives a new number (the ciphertext).
-
12/22/2015
7
25
RSA: Creating public/private key pair1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e
-
12/22/2015
8
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
31
Message Integrity
Allows communicating parties to verify that received messages are authentic. Content of message has not been altered
Source of message is who/what you think it is
Message has not been replayed
Sequence of messages is maintained
Let’s first talk about message digests
32
Message Digests
Function H( ) that takes as input an arbitrary length message and outputs a fixed-length string: “message signature”
Note that H( ) is a many-to-1 function
H( ) is often called a “hash function”
Desirable properties: Easy to calculate
Irreversibility: Can’t determine m from H(m)
Collision resistance: Computationally difficult to produce m and m’ such that H(m) = H(m’)
Seemingly random output
large message
m
H: HashFunction
H(m)
33
Internet checksum: poor message digest
-
12/22/2015
9
36
Message Authentication Code (MAC)
How we might perform message integrity? Sender creates message m and calculates
the hash H(m) (for example with SHA-1).
Adding H(m) to the message m, creating an extended message (m, H(m)) and send it to reciver.
Receiver receives an extended message (m, h) and calculates H(m).
37
Message Authentication Code (MAC)
Need authentification authentification key as a shared secret beetwen sender and receiver
How we might perform message integrity with authentification code? Sender creates message m + s and calculates
the hash H(m+s) MAC
Adding H(m+s) to the message m, creating an extended message (m,H(m+s)) and send it to reciver.
Receiver receives an extended message (m, h) and calculates H(m+s).
End-point authentication
Want to be sure of the originator of the message – end-point authentication.
Assuming Alice and Bob have a shared secret, will MAC provide end-point authentication.We do know that Alice created the message.
But did she send it?
41 44
Digital Signatures
Cryptographic technique analogous to hand-written signatures. sender (Bob) digitally signs document,
establishing he is document owner/creator.
Goal is similar to that of a MAC, except now use public-key cryptography
verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document
-
12/22/2015
10
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Secure e-mail
Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and KB(KS) to Bob.
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m )
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m )
KB(KS )+
Secure e-mail
Bob: uses his private key to decrypt and recover KS uses KS to decrypt KS(m) to recover m
Alice wants to send confidential e-mail, m, to Bob.
KS( ).
KB( ).+
+ -
KS(m )
KB(KS )+
m
KS
KS
KB+
Internet
KS( ).
KB( ).-
KB-
KS
mKS(m )
KB(KS )+
Secure e-mail (continued)
• Alice wants to provide sender authentication message integrity.
• Alice digitally signs message.• sends both message (in the clear) and digital signature.
H( ). KA( ).-
+ -
H(m )KA(H(m))-
m
KA-
Internet
m
KA( ).+
KA+
KA(H(m))-
mH( ). H(m )
compare
-
12/22/2015
11
Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
Alice uses three keys: her private key, Bob’s public key, newly created symmetric key
H( ). KA( ).-
+
KA(H(m))-
m
KA-
m
KS( ).
KB( ).+
+
KB(KS )+
KS
KB+
Internet
KS
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
59
SSL and TCP/IP
Application
TCP
IP
Normal Application
Application
SSL
TCP
IP
Application with SSL
• SSL provides application programming interface (API)to applications• C and Java SSL libraries/classes readily available
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
-
12/22/2015
12
68
IP Security Protocol (IPsec)
Provides security at the network layer
IPsec secures IP datagrams between any two network-layer entities, including hosts and routers.
Many institutions (corporations, government branches, non-profit organizations, and so on) use IPsec to create virtual private networks (VPNs) that run over the public Internet.
69
What is confidentiality at the network-layer?
Between two network entities:
Sending entity encrypts the payloads of datagrams. Payload could be: TCP segment, UDP segment, ICMP message,
OSPF message, and so on.
All data sent from one entity to the other would be hidden:Web pages, e-mail, P2P file transfers, TCP SYN
packets, and so on.
That is, “blanket coverage”.
70
Virtual Private Networks (VPNs)
Institutions often want private networks for security. Costly! Separate routers, links, DNS
infrastructure.
With a VPN, institution’s inter-office traffic is sent over public Internet instead. But inter-office traffic is encrypted before
entering public Internet
71
Virtual Private Network (VPN)
-
12/22/2015
13
Chapter 8 roadmap
8.1 What is network security?
8.2 Principles of cryptography
8.3 Message integrity
8.4 Securing e-mail
8.5 Securing TCP connections: SSL
8.6 Network layer security: IPsec
8.7 Securing wireless LANs
8.8 Operational security: firewalls and IDS
Firewalls
isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.
firewall
administerednetwork
publicInternet
firewall
Firewalls: Why
prevent denial of service attacks:
SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections
prevent illegal modification/access of internal data.
e.g., attacker replaces CIA’s homepage with something else
allow only authorized access to inside network (set of authenticated users/hosts)
three types of firewalls:
stateless packet filters
stateful packet filters
application gateways