Introduction to Network Security -...
Transcript of Introduction to Network Security -...
![Page 1: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/1.jpg)
Introduction to Network Security
Gerald A. Marin
These slides are provided solely for the use of FIT students taking this course in Network Security. No further copies are permitted Some materials are permitted for classroom usepermitted. Some materials are permitted for classroom use by other authors, who retain all copyrights. In particular, a number of slides in this section represent copyright protected
t i l th t i th t t C t N t ki bmaterial that accompanies the text Computer Networking by J. F. Kurose and K. W. Ross; they are used with the authors’ permission.
Network Security 1-1
![Page 2: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/2.jpg)
OrganizationOrgan zat on
What is network security?What is network security?Principles of cryptographySecurity Requirements: Confidentiality Security Requirements: Confidentiality, authentication, …Key Distribution and certificationKey Distribution and certificationAccess control: firewallsAttacks and counter measuresAttacks and counter measures
Network Security 1-2
![Page 3: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/3.jpg)
What is network security?What s network secur ty?
Confidentiality: only sender, intended receiver y yshould “understand” message contents
sender encrypts messagereceiver decrypts messagereceiver decrypts message
Authentication: sender, receiver want to confirm identity of each other
Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection
Access Control and Availability: services must be accessible and available to intended users
Non-repudiation: sender should not be able to
Network Security 1-3
Non-repudiation: sender should not be able to disavow later.
![Page 4: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/4.jpg)
Friends and enemies: Alice, Bob, Trudy, , ywell-known in network security worldBob Alice (lovers!) want to communicate “securely”Bob, Alice (lovers!) want to communicate securelyTrudy (intruder) may intercept, delete, add messages
channel data, control messages
Alice Bob
securesender
securereceiver
messages
data datarece ver
T d
Network Security 1-4
Trudy
![Page 5: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/5.jpg)
Who might Bob, Alice be?Who m ght Bob, Al ce be?
… well, real-life Bobs and Alices!, fWeb browser/server for electronic transactions (e.g., on-line purchases)on-line banking client/serverDNS serversrouters exchanging routing table updatesother examples?
Network Security 1-5
![Page 6: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/6.jpg)
There are bad guys (and girls) out there!g y ( g )Q: What can a “bad guy” do?A: a lot!A: a lot!
eavesdrop: intercept messagesactively insert messages into connectiony gimpersonation: can fake (spoof) source address in packet (or any field in packet)hijacking: “take over” ongoing connection by hijacking: take over ongoing connection by removing sender or receiver, inserting himself in placed i l f i t i f b i denial of service: prevent service from being used by others (e.g., by overloading resources)
Network Security 1-6
more on this later ……
![Page 7: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/7.jpg)
OrganizationOrgan zat on
What is network security?What is network security?Principles of cryptographySecurity RequirementsSecurity RequirementsKey Distribution and certificationAcc ss c nt l: fi llsAccess control: firewallsAttacks and counter measuresS it i lSecurity in many layers
Network Security 1-7
![Page 8: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/8.jpg)
The language of cryptographyg g f yp g p y
KAlice’s encryption
Bob’s decryptionK
plaintext plaintextciphertext
KA
encryption decryption
encryptionkey
decryptionkey
KB
plaintext pla ntextpypalgorithm
ypalgorithm
Symmetric key crypto: sender, receiver keys identicalAsymmetric key crypto: keys NOT identical.Public key crypto: encryption key public decryption key
Network Security 1-8
Public-key crypto: encryption key public, decryption key secret (private)
![Page 9: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/9.jpg)
Symmetric key cryptographyymm y yp g p ysubstitution cipher: substituting one thing for another
l h b ti i h b tit t l tt f thmonoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
E Plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc
E.g.:
Q: How hard to break this simple cipher?:brute force (how hard?)
h ?Network Security 1-9
other?
![Page 10: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/10.jpg)
Symmetric key cryptographyymm y yp g p y
K KA B
plaintextciphertext
KA-B
encryption decryption
KA-B
plaintext ppypalgorithm
ypalgorithm
p a nt tmessage, m
K (m)A-B
K (m)A-Bm = K ( )A-B
symmetric key crypto: Bob and Alice share know same (symmetric) key: Ke ke is kn in substituti n p ttern in m n
A-Be.g., key is knowing substitution pattern in mono alphabetic substitution cipherQ: how do Bob and Alice agree on key value?
Network Security 1-10
![Page 11: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/11.jpg)
Block CipherBlock C pherThe idea of a block cipher is fundamental to the study
h of cyptography. A block cipher is a function that encrypts fix-sized blocks. Today block ciphers commonly encrypt blocks f 128 bits Th s id t t k 128 bits f “pl in of 128 bits. They are said to take 128 bits of plain
text” and produce 128 bits of “cipher text.” This is done using a secret key and a public algorithm.
Plain text Cipher textE(K,p) or EK(p)
D(K,c)
Network Security 1-11
K is said to be a “symmetric” secret key.
![Page 12: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/12.jpg)
3-bit Example 3 b t Example 3 3
3
With 3 bits only 2 messages are possible. Notice that there are 2 ! (or 8!) possible permutations of 2 messages. Each permutation can ( ) p p g pbe thought of as a "lookup table" that represents an encryption of the possible messages through a reordering. For example:
⎫ ⎫000001010
⎫⎪⎪⎪
101110111
⎫⎪⎪⎪
“Lookup table” represents one encryption (possible reordering) of all possible messages A 010
011 becomes
100
⎪⎪⎪⎬⎪
111000001
⎪⎪⎪⎬⎪
of all possible messages. A particular lookup table corresponds to one particular
101110111
⎪⎪⎪⎪⎪⎭
010011100
⎪⎪⎪⎪⎪⎭
secret key. Thus, we need 16 bits to represent all 8!=40,320 possible keys.
Network Security 1-12
111⎪⎭ 100⎪⎭poss ble keys.
![Page 13: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/13.jpg)
An “Ideal” CipherpTwo commanders have eight possible messages to send Message 000 is “do not attack” while 001 is send. Message 000 is do not attack while 001 is “attack at 1am,” message 002 is “attack at 2am,”…etc.Each has a code book that lists 8! = 40 320 “lookup Each has a code book that lists 8! = 40,320 lookup tables” generated randomly. All officers have a copy of this book. (Represents the algorithm.) J t b f th t th i ti d Just before they go to their respective commands they are directed to use table number 12,123 by the crypto staff. (Represents the secret key.) The ideal cipher represents the best that can be done. Namely, we choose one lookup table randomly from all possible lookup tables.
Network Security 1-13
y p p
![Page 14: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/14.jpg)
Huge Lookup TablesHuge Lookup TablesIf we think of a block cipher as a lookup table (corresponding to a key), the size of real tables is (corresponding to a key), the size of real tables is a problem.For 32-bit blocks a table would be 16 gigabytes.F r F r 64 bit bl cks a table w uld be 150 milli n For For 64-bit blocks a table would be 150 million terabytes.For 128-bit blocks a table would be bytes.395 10×Thus, real codes use encryption algorithms plus a key to generate ciphertext from plaintext directly. y.
Note that this approach may NOT produce an ideal cypher.
Network Security 1-14
![Page 15: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/15.jpg)
Brute Force ExampleBrute Force Example
I created a message using the following letters: g g gacelps. I have used a substitution code to encrypt it (again based only on the 6 letters above).(again based only on the 6 letters above).Any spaces have been ignored, that is, no space becomes nospace. Th t d t t i l lThe encrypted text is lcapclscaec.Find the key and break the code! Due 1/20/09 and each student will present his/her solution and pturn in a report with code.
How many possible messages are there?How many possible keys are there?
Network Security 1-15
y p y
![Page 16: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/16.jpg)
Kerckhoffs’ PrincipleKerckhoffs Pr nc ple
Security depends only on the secrecy of Security depends only on the secrecy of the Key and not on the secrecy of algorithms.
Algorithms hard to change and built into system hardware/softwareAl ith d ’t h f l i d Algorithms don’t change for long periods Someone may obtain physical access to a laptop that contains the algorithmsthat contains the algorithmsAlgorithms SHOULD be published so that other experts can check them for vulnerabilities.
Network Security 1-16
![Page 17: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/17.jpg)
Cipher AttacksC pher AttacksCiphertext-only attack: trying to decrypt a message when all you know is the ciphertext. This is the most difficult casecase.Known plaintext attack: trying to decrypt a message when you know both the plaintext and the ciphertext (by prior example or autoreply)example or autoreply).Chosen plaintext attack: now you get to specify specially prepared plaintexts for which you will then see the ciphertexts.
Offline: prepare plaintexts all ahead of timeOnline: prepare next plaintext after receiving ciphertexts from previous submissions.
Ch s n ciph t xt tt ck: R c i th ciph t xt Chosen ciphertext attack: Receive the ciphertext corresponding to your chosen plaintext AND receive the plaintext corresponding to your chosen ciphertext.
Network Security 1-17
![Page 18: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/18.jpg)
Birthday Attack (ciphertext attack example)(ciphertext attack example)
Named after the “birthday paradox.” If you have 23 people in a room, then the probability that two p p , p yof them have the same birthday is greater than 0.5.
Useful approximation: for large n the probability of Useful approximation for large n the probability of generating a duplicate (also called the probability of a collision) is close to 0.5 after approximately attempts.
n
Birthday attack: If keys are being generated randomly, then a key collision will occur relatively soon.
Determine this has happened (see a ciphertext of header twice implies same key).Insert previous message ciphertext into current message
d it ill b t d b th k t h
Network Security 1-18
and it will be accepted because the keys match.
![Page 19: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/19.jpg)
Meet-in-Middle Attack(K l i t t l )(Known plaintext example)
Suppose we know a header or any other part of a pp y pmessage always sent from Alice to Bob. Suppose further they use a 64-bit key. (Brute force attack requires evaluating keys.)64 192 1.845 10= ×q g y )Generate keys randomly and encode the header with each of the keys (produce table). Watch for the encoded header in each message
2 1.845 10322
Watch for the encoded header in each message. It will likely occur during during first transactions. Usually applied to all authentication messages sent by Alice
32 92 4.295 10= ×
messages sent by Alice.When encoded header occurs we look to see which key we used to generate it.
Network Security 1-19
![Page 20: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/20.jpg)
“Distinguishing” AttackD st ngu sh ng AttackMany types of attacks:
…decrypt only a specific message…reveal partial information about a message…other vulnerabilities?
Given many kinds of attacks crypto analysts G ven many k nds of attacks crypto analysts generally defend against a “distinguishing attack.”A distinguishing attack is an attack that detects a non-trivial difference between the ideal cipher non-trivial difference between the ideal cipher and the actual cipher.
Encryption and decryption available for comparisons between ideal and actualbetween ideal and actual.Free to choose any key.More about “non-trivial” later.
Network Security 1-20
![Page 21: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/21.jpg)
Conventional Encryption Conventional Encryption PrinciplesPrinciples
An encryption scheme has five ingredients:yp f gPlaintextEncryption algorithmSecret KeySecret KeyCiphertextDecryption algorithm (perhaps different key)
Security depends on the secrecy of the key, not the secrecy of the algorithmIn modern encryption encryp/decrypt is done with In modern encryption encryp/decrypt is done with a block cipher – an encryption function for fix-sized blocks.
Network Security 1-21
![Page 22: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/22.jpg)
CryptographyCryptographyCryptographyCryptography
Classified along three independent Classified along three independent dimensions:
The type of operations used for transforming yp p gplaintext to ciphertextThe number of keys used
symmetric (sin le key)• symmetric (single key)• asymmetric (two-keys, or public-key encryption)
The way in which the plaintext is processedy p p
Network Security 1-22
![Page 23: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/23.jpg)
Average time required for Average time required for h tih ti k h k h exhaustiveexhaustive key search key search
Key Size (bits)
Number of Alternative Keys
Time required at 106
Decryption/µs( ) y yp µ
32 232 = 4.3 x 109 2.15 milliseconds
56 256 = 7.2 x 1016 10 hours
128 2128 = 3 4 x 1038 5 4 x 1018 years128 2 = 3.4 x 10 5.4 x 10 years
168 2168 = 3.7 x 1050 5.9 x 1030 years
Network Security 1-23
![Page 24: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/24.jpg)
Feistel Cipher StructureFeistel Cipher StructureFeistel Cipher StructureFeistel Cipher Structure
Virtually all conventional block encryption y ypalgorithms, including DES have a structure first described by Horst Feistel of IBM in 1973.Feistel ciphers are a special class of iterated blockFeistel ciphers are a special class of iterated block ciphers where the ciphertext is calculated from the plaintext by repeated application of the same transformation or “round” functiontransformation or round function. In a Feistel cipher, the text being encrypted is split into two halves. The round function f is applied to one half using a subkey and the output of f is exclusivehalf using a subkey and the output of f is exclusive-ored with the other half. The two halves are then swapped. Each round follows the same pattern except for the last round where there is no swap
Network Security 1-24
except for the last round where there is no swap.
![Page 25: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/25.jpg)
Feistel Structure (Continued)Fe stel Structure (Cont nued)
A nice feature of a Feistel cipher is thatA nice feature of a Feistel cipher is that encryption and decryption are structurally identical though thestructurally identical, though the subkeys used during encryption at each round are taken in reverse order duringround are taken in reverse order during decryption.
Network Security 1-25
![Page 26: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/26.jpg)
Feistel Cipher StructureFeistel Cipher StructureFeistel Cipher StructureFeistel Cipher StructureThe realization of a Feistel Network depends on the choice of the following depends on the choice of the following parameters and design features:
Block size: larger block sizes mean greater securityKey Size: larger key size means greater securityNumber of rounds: multiple rounds offer increasing securityySubkey generation algorithm: greater complexity will lead to greater difficulty of cryptanalysis.Fast software encryption/decryption: the speed of Fast software encryption/decryption: the speed of execution of the algorithm becomes a concern
Network Security 1-26
![Page 27: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/27.jpg)
Network Security 1-27
![Page 28: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/28.jpg)
Conventional Encryption Conventional Encryption Al ithAl ithAlgorithmsAlgorithms
Data Encryption Standard (DES)yp ( )WAS the most widely used encryption scheme (now vulnerable).DES is a block cipherDES is a block cipher.The plaintext is processed in 64-bit blocks.The key is 56-bits in length
M ki DES Making DES more secure:use three keys sequentially (3-DES) on each datumuse cipher-block chainingThe algorithm is referred to as the Data Encryption Algorithm (DEA).
Network Security 1-28
![Page 29: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/29.jpg)
Symmetric key Symmetric key crypto: DES
initial permutation DES operation
p16 identical “rounds” of
function application, each using different each using different 48 bits of key
final permutationp
Network Security 1-29
![Page 30: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/30.jpg)
Initial PermutationIn t al Permutat on
The 64 bits of the input block to be enciphered are first subjected to the following permutation, called the initial permutation IP:
58 50 42 34 26 18 10 260 52 44 36 28 20 12 4L162 54 46 38 30 22 14 664 56 48 40 32 24 16 857 49 41 33 25 17 9 159 51 43 35 27 19 11 361 53 45 37 29 21 13 563 55 47 39 31 23 15 7
R1
Network Security 1-30
![Page 31: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/31.jpg)
DESDESDESDESThe overall processing at each iteration:
Li = Ri-1Li Ri 1
Ri = Li-1 F(Ri-1, Ki) (XOR addition)Function F to be described.
⊕
Ki is a ”subkey” formed as a permuted subset of the original 64-bit key.
L ft d Ri ht th s d f xt Left and Right are then swapped for next iteration. It remains only to understand key It remains only to understand key generation and the function F (”mangler”) .
Network Security 1-31
![Page 32: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/32.jpg)
Key Generation StepsKey Generat on Steps
Circular left shift.
Network Security 1-32
![Page 33: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/33.jpg)
Permuted choice 1 is determined by the following table:
57 49 41 33 25 17 91 58 50 42 34 26 18C 1 58 50 42 34 26 18
10 2 59 51 43 35 27 19 11 3 60 52 44 36
C0
19 11 3 60 52 44 3663 55 47 39 31 23 15 7 62 54 46 38 30 22 D0
14 6 61 53 45 37 2921 13 5 28 20 12 4
0
Note that bits 8, 16, …64 are not used; they are reserved for useas parity bits. The key is actually 56-bits. BUT Permuted Choice
Network Security 1-33
2 from previous slide actually selects 48 of these bits at each step.
![Page 34: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/34.jpg)
Shift ScheduleSh ft Schedule
Iteration Number
1 2 3 4 5 6 7 8 9 10
11
12
13
14
15
16Number 0 1 2 3 4 5 6
Number of Left
1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1
Shifts
Network Security 1-34
![Page 35: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/35.jpg)
Permuted Choice 2Permuted Cho ce
14 17 11 24 1 5 3 28 15 6 21 10
23 19 12 4 26 823 19 12 4 26 8 16 7 27 20 13 2 41 52 31 37 47 55
48 bit subkey.41 52 31 37 47 55 30 40 51 45 33 48 44 49 39 56 34 53 46 42 50 36 29 32
Network Security 1-35
This completes the subkey generation description.
![Page 36: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/36.jpg)
Network Security 1-36
![Page 37: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/37.jpg)
E-Table (Expands 32 bits to 48)E (E p )
32 1 2 3 4 532 1 2 3 4 5 4 5 6 7 8 9 8 9 10 11 12 13 32 bit (right) 48 bits out
12 13 14 15 16 17 16 17 18 19 20 21 20 21 22 23 24 25
( g )
20 21 22 23 24 25 24 25 26 27 28 29 28 29 30 31 32 1
Network Security 1-37
![Page 38: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/38.jpg)
DES Round n, Encryption
64-bit input from last round
32-bit Ln 32-bit Rn
Mangler <- Kn
(+)
32 bit L 1 32 bit R 132-bit Ln+1 32-bit Rn+1
64-bit output for next round
Network Security 1-38
p
![Page 39: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/39.jpg)
DES Mangler FunctionE table
32-bit input
6-bits 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits 6-bits
Kn (+)
S Box1 S Box2 S Box3 S Box4 S Box5 S Box6 S Box7 S Box8
4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits 4-bits
3232-bit permutation
Network Security 1-39
32-bit output
![Page 40: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/40.jpg)
S1
First Four S Boxes:
14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7 O 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0 15 12 8 2 4 9 1 7 5 11 3 14 10 O 6 1315 12 8 2 4 9 1 7 5 11 3 14 10 O 6 13 S2
15 1 8 14 6 11 3 4 9 7 2 13 12 O 5 10 3 13 4 7 15 2 8 14 12 0 1 10 6 9 11 5 0 14 7 11 10 4 13 1 5 8 12 6 9 3 2 15 13 8 10 1 3 15 4 2 11 6 7 12 0 5 14 9 S3
10 0 9 14 6 3 15 5 1 13 12 7 11 4 2 810 0 9 14 6 3 15 5 1 13 12 7 11 4 2 8 13 7 O 9 3 4 6 10 2 8 5 14 12 11 15 1 13 6 4 9 8 15 3 0 11 1 2 12 5 10 14 7 1 10 13 0 6 9 8 7 4 15 14 3 11 5 2 12 SS4
7 13 14 3 0 6 9 10 1 2 8 5 11 12 4 15 13 8 11 5 6 15 O 3 4 7 2 12 1 10 14 9 10 6 9 0 12 11 7 13 15 1 3 14 5 2 8 4
Network Security 1-40
3 15 O 6 10 1 13 8 9 4 5 11 12 7 2 14
![Page 41: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/41.jpg)
S5
2 12 4 1 7 10 11 6 8 5 3 15 13 O 14 9 14 11 2 12 4 7 13 1 5 0 15 10 3 9 8 6 4 2 1 11 10 13 7 8 15 9 12 5 6 3 O 14 11 8 12 7 1 14 2 13 6 15 O 9 10 4 5 311 8 12 7 1 14 2 13 6 15 O 9 10 4 5 3 S6
12 1 10 15 9 2 6 8 O 13 3 4 14 7 5 11 10 15 4 2 7 12 9 5 6 1 13 14 O 11 3 8 9 14 15 5 2 8 12 3 7 0 4 10 1 13 11 6 4 3 2 12 9 5 15 10 11 14 1 7 6 0 8 13 S7
4 11 2 14 15 0 8 13 3 12 9 7 5 10 6 14 11 2 14 15 0 8 13 3 12 9 7 5 10 6 1 13 0 11 7 4 9 1 10 14 3 5 12 2 15 8 6 1 4 11 13 12 3 7 14 10 15 6 8 0 5 9 2 6 11 13 8 1 4 10 7 9 5 0 15 14 2 3 12 SS8
13 2 8 4 6 15 11 1 10 9 3 14 5 0 12 7 1 15 13 8 10 3 7 4 12 5 6 11 0 14 9 2 7 11 4 1 9 12 14 2 0 6 10 13 15 3 5 8
Network Security 1-41
2 1 14 7 4 10 8 13 15 12 9 0 3 5 6 11
![Page 42: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/42.jpg)
S-box Result is 4 bits (from 6)S box Result s 4 b ts (from 6)
S bb b b b b b → →1 2 3 4 5 6 1 2 3 4S-box b b b b b b s s s s→ →1 2 3 4 1 6 2 3 4 5where is the S-box entry at row and column .
Rows are numbered 0 through 3 and columns are 0 through 15s s s s b b b b b b
Rows are numbered 0 through 3 and columns are 0 through 15.
Example: 1Sp14 4 13 1 2 15 11 8 3 10 6 12 5 9 0 7
O 15 7 4 14 2 13 1 10 6 12 11 9 5 3 8 011101→ 0011→
1
4 1 14 8 13 6 2 11 15 12 9 7 3 10 5 0
15 12 8 2 4 9 1 7 5 11 3 14 10 O 6 13
011101→ 0011→
Network Security 1-42
![Page 43: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/43.jpg)
32-Bit Permutation3 B t Permutat on16 7 20 2129 12 28 171 15 23 265 18 31 102 8 24 14
32 27 3 919 13 30 622 11 4 25
Network Security 1-43
![Page 44: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/44.jpg)
Inverse of Initial PermutationInverse of In t al Permutat on40 8 48 16 56 24 64 3239 7 47 15 55 23 63 3138 6 46 14 54 22 62 3037 5 45 13 53 21 61 2936 4 44 12 52 20 60 2835 3 43 11 51 19 59 2734 2 42 10 50 18 58 2633 1 41 9 49 17 57 25
Network Security 1-44
![Page 45: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/45.jpg)
End of DES EncryptionEnd of DES Encrypt on
Note that the DES Standard is available on our web site. Assignment: Read and Study.
Network Security 1-45
![Page 46: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/46.jpg)
DES Round n, Decryption
64-bit input from last round
32-bit Ln 32-bit Rn
Mangler <- Kng
(+)
L (+) M = R
then
32-bit Ln+1 32-bit Rn+1
L = M (+) R
64-bit output for next round
Network Security 1-46
All steps in reverse order (except Mangler).
![Page 47: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/47.jpg)
Concerns about DES
A “DES C k ” d i d f l th $250 000 th tA “DES Cracker” was designed for less than $250,000 that will try 1E12 56-bit keys per second (1000 per nanosecond). This will find the right key in about 3 days (if the plaintext is recognized as such when it appears).
The answer is to use longer keys 128-bit keys are inThe answer is to use longer keys. 128 bit keys are in fashion.
Triple DES effectively uses a 112 bit keyTriple-DES effectively uses a 112-bit key.
Network Security 1-47
![Page 48: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/48.jpg)
Triple DEATriple DEATriple DEATriple DEA
Use three keys and three executions of Use three keys and three executions of the DES algorithm (encrypt-decrypt-encrypt)yp
C i h t t
C = EK3[DK2[EK1[P]]]• C = ciphertext• P = Plaintext• EK[X] = encryption of X using key K• DK[Y] = decryption of Y using key KDK[Y] = decryption of Y using key K
Effective key length of 168 bits
Network Security 1-48
![Page 49: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/49.jpg)
Triple DEATriple DEA
Network Security 1-49
![Page 50: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/50.jpg)
Other Symmetric Block Other Symmetric Block Ci hCi hCiphersCiphers
International Data Encryption Algorithm International Data Encryption Algorithm (IDEA)
128-bit keyyUsed in PGP
BlowfishEasy to implementHigh execution speed
l h f Run in less than 5K of memory
Network Security 1-50
![Page 51: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/51.jpg)
Other Symmetric Block Other Symmetric Block Ci hCi hCiphersCiphers
RC5RC5Suitable for hardware and softwareFast, simpleAd t bl t f diff t d l thAdaptable to processors of different word lengthsVariable number of roundsVariable-length keyL iLow memory requirementHigh securityData-dependent rotations
Cast-128Key size from 40 to 128 bitsThe round function differs from round to round
Network Security 1-51
![Page 52: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/52.jpg)
Suppose plaintext is less than block length (or last segment of text is less than block ( glength)?Padding is required. Schneier* suggests two methods:g q ggLet be the plaintext and let ( ) be the length of in bytes. Let be the block size of the block ciper in bytes. Then do either of the
P P P b
following:
1. Append a single byte with value 128 and as many zero bytes as1. Append a single byte with value 128 and as many zero bytes as required to make the overall length a multiple of . The numberof zero bytes added is in the range 0, 1, ..., 1.
bb −
2. Determine the number of padding bytes required. This is a number, (between 1 and ), and ( ) is a multiple of . Pad the plaintext
by appending bytes, each with value .n b n P b
n n+
Network Security 1-52
by appending bytes, each with value .n n
*Practical Cryptography, Schneier and Ferguson
![Page 53: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/53.jpg)
Electronic CodeBook Mode (ECB)E (E )• This is the simplest way of encrypting plaintext into a
sequence of adjacent blocks Thussequence of adjacent blocks. Thus,
( , ), for 1, 2,..., max blocks.i iC E K P i= =
• Warning: if two plaintext blocks are the same, then their ciphertext will also be the same Thus this mode shouldciphertext will also be the same. Thus, this mode should never be used.
Network Security 1-53
![Page 54: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/54.jpg)
Cipher Block Modes of Cipher Block Modes of O tiO tiOperationOperation
Cipher Block Chaining Mode (CBC)p g ( )The input to the encryption algorithm is the XOR of the current plaintext block and the preceding ciphertext block.preceding ciphertext block.Repeating pattern of 64-bits are not exposedMust initialize with an “initial vector” or IV.
i1iki ]P[CEC ⊕= −
i1iiK
i1iKKiK
)P(C][CD)]P(C[ED][CD
⊕=⊕= −
Network Security 1-54ii1i1iiK1i
i1iiK
PPCC][CDC)P(C][CD
=⊕⊕=⊕⊕
−−−
−
![Page 55: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/55.jpg)
Network Security 1-55
![Page 56: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/56.jpg)
Random IVRandom IVWould like to choose a random IV for reasonable protection of the first block but receiver must know the IV (and it must be generated)
0
first block, but receiver must know the IV (and it must be generated).Idea: Create as the IV and send as the zeroth block. Then:
C
0 C randomblock=0
1
1 1 1
( , ).For decryption: ( , ) .
i i i
i i i i i i i
C E K P CP D K C C P C C P
−
− − −
= ⊕= ⊕ = ⊕ ⊕ =
Disadvantages:i l d b1. Must implement a random number generator.
2. The ciphertext is one block longer than the plaintext. This is especially troubling for short messages
Network Security 1-56
This is especially troubling for short messages.
![Page 57: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/57.jpg)
AES: Advanced Encryption StandardE E yp
new (Nov. 2001) symmetric-key NIST new (Nov. 2001) symmetric key NIST standard, replacing DESprocesses data in 128 bit blocksp128, 192, or 256 bit keysbrute force decryption (try each key) brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
Network Security 1-57
![Page 58: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/58.jpg)
Possible ProjectsPoss ble Projects
Implement DES (or triple DES or AES…) Implement DES (or triple DES or AES…) plus block chaining mode using a random IV.
Prompt for plaintext or ciphertext input or file p p p pname.Use ASCII character set.C t k f i t HEXCreate key from input HEX.Encrypt or Decrypt as specified by user.
Network Security 1-58
![Page 59: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/59.jpg)
More About AESMore About AES
The AES standard was published in The AES standard was published in November 2001 (FIPS 197).Chosen from 5 finalists. f m f .Winner was Rijndael by Vincent Rijmen and Joan Daemen.NOT a Feistel Cypher10 full rounds include byte substitution, fu r un nc u yt u t tut n, permutation, arithmetic operations on a finite field, and XOR with key.
Network Security 1-59
![Page 60: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/60.jpg)
Illustration with Simplified AES*mp f E
S-AES created by Professor Edward S AES created by Professor Edward Schaefer and students (Santa Clara University).ySimilar structure with fewer rounds and smaller parameters.
For tutorial purposes only – not for encryption
*Willi S lli C h d N k *William Stallings, Cryptography and Network Security, Principles and Practices, 4th edition, Pearson Education, Inc., New Jersey, 2006 , , y,
Network Security 1-60
![Page 61: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/61.jpg)
S-AES Encryption/Decryption
Network Security 1-61
![Page 62: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/62.jpg)
Algorithm can be expressed using function composition:
2 1 0AK SR NS AK MC SR NS AK plaintext
[ ]Functions are applied right to left as usual: ( ) ( ) .f g x f g x=
( )22Example: ( ) and ( ) sin , then ( ) sin .f x x g x x f g x x= = =
Network Security 1-62
![Page 63: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/63.jpg)
S-AES Data Structures
Network Security 1-63
![Page 64: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/64.jpg)
Transformations
Network Security 1-64
![Page 65: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/65.jpg)
ADD Key Example:ADD Key ExamplePlain Text: 749A
0Key : 2 554 2 5 8 1
DA⎡ ⎤ ⎡ ⎤ ⎡ ⎤4 2 5 8 17 9 5A
D A C⎡ ⎤ ⎡ ⎤ ⎡ ⎤
⊕ =⎢ ⎥ ⎢ ⎥ ⎢ ⎥⎣ ⎦ ⎣ ⎦ ⎣ ⎦
In particular 2 1010 0010 1000 8.A⊕ ⇒ ⊕ = =
Network Security 1-65
![Page 66: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/66.jpg)
Nibble SubstitutionN bble Subst tut on
S-table lookup left(2 bits) are row; right(2 bits) column.Example:
8 1 6 4⎡ ⎤ ⎡ ⎤
Network Security 1-66
8 1 6 40A C C
⎡ ⎤ ⎡ ⎤→⎢ ⎥ ⎢ ⎥
⎣ ⎦ ⎣ ⎦
![Page 67: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/67.jpg)
Shift RowSh ft Row
Shift Row operates only on the second row of the input state matrix. It performs a one-nibble circular shift of the second rowsecond row.
Example:
6 4 6 4⎡ ⎤ ⎡ ⎤⎢ ⎥ ⎢ ⎥0 0C C⎡ ⎤ ⎡ ⎤
→⎢ ⎥ ⎢ ⎥⎣ ⎦ ⎣ ⎦
Network Security 1-67
![Page 68: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/68.jpg)
Mix ColumnM x Column
The mix column transformation is defined by a type of matrix multiplication on the state matrix:
00 01 00 01' '1 4.
' '4 1s s s ss s s s⎡ ⎤ ⎡ ⎤⎡ ⎤
=⎢ ⎥ ⎢ ⎥⎢ ⎥⎣ ⎦ ⎣ ⎦ ⎣ ⎦
i10 11 10 114 1 s s s s⎣ ⎦ ⎣ ⎦ ⎣ ⎦
•Addition is defined as XOR•Multiplication is defined as the multiplication operation in–
“Galois Field” aka finite field( )42GF
Network Security 1-68
Galois Field aka finite field.( )42GF
![Page 69: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/69.jpg)
Multiplication in ( )42GFMultiplication in ( )2GF
Network Security 1-69
![Page 70: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/70.jpg)
Mix Column ExampleM x Column Example
1 4 6 4 6 4 4 4 0 3 4.
4 1 0 4 6 4 4 0 7 3C
C C⊕ ⊕⎡ ⎤ ⎡ ⎤ ⎡ ⎤ ⎡ ⎤
= =⎢ ⎥ ⎢ ⎥ ⎢ ⎥ ⎢ ⎥⊕ ⊕⎣ ⎦ ⎣ ⎦ ⎣ ⎦ ⎣ ⎦
i ii
i i
Network Security 1-70
![Page 71: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/71.jpg)
Key ExpansionKey Expans on
Original 16 bit key is represented as shown on slide 63 usingOriginal 16-bit key is represented as shown on slide 63 using two 8-bit “words.”
0 1:w w
The four expansion words are found as follows:The four expansion words are found as follows:
( ) ( )( )2 0 11w w RCON SubNib RotNib w
w w w
= ⊕ ⊕
= ⊕
( ) ( )( )3 1 2
4 2 3
5 3 4
2
w w w
w w RCON SubNib RotNib w
w w w
= ⊕
= ⊕ ⊕
= ⊕5 3 4w w w⊕
( ) ( )where 1 10000000 and 2 00110000.RCON RCON= =
Network Security 1-71
![Page 72: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/72.jpg)
Key Expansion (continued)Key Expans on (cont nued)
The function ROTNIB does a one nibble The function ROTNIB does a one nibble (4bits) circular rotation on the input 8-bit word which has the effect of swapping the ppfirst 4 bits with the second 4 bits. The function SUBNIB performs nibble substitution on the input 8-bit word using the S-box.
Network Security 1-72
![Page 73: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/73.jpg)
Key Expansion ExampleKey Expans on ExampleFrom:
( ) ( )( )2 0 1
3 1 2
1w w RCON SubNib RotNib w
w w w
= ⊕ ⊕
= ⊕
( ) ( )( )4 2 3
5 3 4
2w w RCON SubNib RotNib w
w w w
= ⊕ ⊕
= ⊕
( )0 1
2
with initial key 2 55 0010 1101 0101 0101 we have:00101101 10000000 01010101
00101101 10000000 00010001 10111100
D w ww SubNib
= =
= ⊕ ⊕
= ⊕ ⊕ =
( )3
4
10111100 01010101 1110100110111100 00110000 10011110
ww SubNib
= ⊕ =
= ⊕ ⊕
10111100 00110000 00101111 10100011= ⊕ ⊕ =
Network Security 1-73
5
10111100 00110000 00101111 1010001110100011 11101001 01001010.w= ⊕ ⊕ == ⊕ =
![Page 74: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/74.jpg)
Homework 2Homework
Use S-AES to encrypt the message FACE Use S AES to encrypt the message FACE using the key D24E.Work on your own (follow the slides).W y (f ).Can be done without programming.
Network Security 1-74
![Page 75: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/75.jpg)
Location of Encryption DeviceLocation of Encryption DeviceLocation of Encryption DeviceLocation of Encryption Device
Link encryption:Link encryption:A lot of encryption devicesHigh level of securityg yDecrypt each packet at every switch
End-to-end encryptionThe source encrypts and the receiver decryptsPayload encryptedHeader in the clear
High Security: Both link and end-to-end ti d d (s Fi 2 9)
Network Security 1-75
encryption are needed (see Figure 2.9)
![Page 76: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/76.jpg)
Network Security 1-76
![Page 77: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/77.jpg)
Key DistributionKey DistributionKey DistributionKey Distribution
1. A key could be selected by A and y yphysically delivered to B.
2. A third party could select the key and h i ll d li it t A d Bphysically deliver it to A and B.
3. If A and B have previously used a key, one party could transmit the new key to one party could transmit the new key to the other, encrypted using the old key.
4. If A and B each have an encrypted . f an ach ha an ncrypt connection to a third party C, C could deliver a key on the encrypted links to A and B
Network Security 1-77
and B.
![Page 78: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/78.jpg)
Key Distribution (See Figure Key Distribution (See Figure y ( gy ( g2.10)2.10)Session key:Session key:
Data encrypted with a one-time session key.At the conclusion of the session the key is d ddestroyed
Permanent key:U d b t titi f th f Used between entities for the purpose of distributing session keys
Network Security 1-78
![Page 79: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/79.jpg)
Network Security 1-79
![Page 80: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/80.jpg)
Recommended ReadingRecommended ReadingRecommended ReadingRecommended Reading
Stallings W. Cryptography and Network Stallings, W. Cryptography and Network Security: Principles and Practice, 2nd
edition. Prentice Hall, 1999Scneier, B. Applied Cryptography, New York: Wiley, 1996Mel, H.X. Baker, D. Cryptography Decrypted. Addison Wesley, 2001Ferguson, Niels and Schneier, Bruce Practical Cryptography, Wiley, 2003
Network Security 1-80
![Page 81: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/81.jpg)
Public Key CryptographyK y yp g p y
symmetric key crypto public key cryptographyy y yprequires sender, receiver know shared s t k
public key cryptographyradically different approach [Diffie-H ll 76 RSA78]secret key
Q: how to agree on key in first place
Hellman76, RSA78]sender, receiver do not share secret keyn f rst place
(particularly if never “met”)?
not share secret keypublic encryption key known to allprivate decryption key known only to receiver
Network Security 1-81
receiver
![Page 82: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/82.jpg)
Public key cryptographyy yp g p y
Bob’s publick
K B+
key KB
Bob’s privatekey
K B-
plaintext ciphertextencryption decryption plaintextplaintextmessage, m
ciphertextencryptionalgorithm
decryption algorithm
plaintextmessageK (m)
B+
m = K (K (m))B+
B-
Network Security 1-82
![Page 83: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/83.jpg)
Public key encryption algorithmsy yp g m
Requirements:
need K ( ) and K ( ) such thatB B. .
q
1 + -B
K (K (m)) = mBB
- +
+given public key K , it should be impossible to compute
i t k K
B2 +
-private key K B
RSA: Rivest Shamir Adelson algorithmNetwork Security 1-83
RSA: Rivest, Shamir, Adelson algorithm
![Page 84: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/84.jpg)
Math Foundations for Public Key Cryptographyy yp g p y
This material motivated by Ferguson/Schneier l h
Divisibility and Primes
Practical Cryptography
yGenerating PrimesComputations Modulo a PrimepLarge Primes
Network Security 1-84
![Page 85: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/85.jpg)
Divisibility and Primes (Review)D v s b l ty and Pr mes (Rev ew)
1. We write | and say " divides " if we can divide by witha b a b b a| y yno remainder. 2. We say that a number is "prime" if its only divisors are 1 and itself. 3. Any number larger than 1 that is NOT a prime is a "composite" number.4. Divisibility is "transitive" that is: If | and | , then | . (Prove this.)5. Lemma 1: Let be a positive number greater than 1. Let be the
a b b c a cn d5. Lemma 1: Let be a positive number greater than 1. Let be the
smallest divin d
sor of that is greater than 1. Then is prime. We will consider the proof of this next. Lemma 1 is used to prove
n d
Theorem 1. 6. Theorem 1. (Due to Euclid). There are an infinite number of primes.
Network Security 1-85
![Page 86: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/86.jpg)
Proof of Lemma Proof of Lemma
First students should prove that is well-defined. That is, show thatevery positive integer has a smallest divisor. Next suppose this number
is NOT prime By defn of prime then is divisible b
dn
d d y a number e is NOT prime. By defn of prime then is divisible bd d y a number that satisfies: 1 . Any such would be the smallest divisor of because divisibility is transitive. This is a contradiction.
ee d e n< <y
Network Security 1-86
![Page 87: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/87.jpg)
Proof of Theorem 1Proof of Theorem
Assume on the contrary that the number of primes is finite and that
1 2 1 2
Assume, on the contrary, that the number of primes is finite and that, ,..., is the list of all primes. Let 1. Let be
the smallest divisor of that is greater than 1. We know fromk kp p p n p p p d
n= +
Lemma 1
1that is prime. We also know that | . None of the primes divides . Thus, is a prime that is not in our list of all primes. This
kd d n p pn d
is a contradiction so the number of primes must be infinite.
Network Security 1-87
![Page 88: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/88.jpg)
Fundamental Theorem of Arithmetic
Any integer greater than 1 can be written as the product of primes andy g g p pthis representation is unique except for the order of the primes.
2
2 2
Example: 147 7 3 700 7 2 5 .
= ×
= × ×
Network Security 1-88
![Page 89: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/89.jpg)
Generating Small Primes(Th Si f E t th )(The Sieve of Eratosthenes)
• Generate all primes less than a positive integer n greaterGenerate all primes less than a positive integer n greater than 2 but less than a max determined by available memory. E l 200000• Example:
•
n 200000:=
init 1 2, n..:= Must initialize array b to pass tobinit 0:=
Must initialize array b to pass to function f as a parameter.
• Define function f(n b) then call• Define function f(n,b), then call.
Network Security 1-89
![Page 90: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/90.jpg)
f n b,( ) i 2←:= First prime is 2.
b m 1←
m 1 2, n..∈for
2
Sets a flag indicating all numbers less than n MAY be prime.
Thi i i i t ll lti l f it (l th
top floorni
⎛⎜⎝
⎞⎟⎠
←
i2 n≤while This i is a prime set all multiples of it (less than n) to composite.
⎝ ⎠
k j i⋅←
j 2 3, top..∈for
b k 0←
i i 1+←
bi 0while
i i 1+←
bi 0while
b
Network Security 1-90
![Page 91: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/91.jpg)
0
187905 0A sample from the returned 187906
187907
187908
0
1
0
array of 200,000 elements.
187908
187909
187910
187911
0
1
0
0f n b,( )
187911
187912
187913
187914
0
0
0
0
=
187914
187915
187916
187917
0
0
0
0187917
187918
187919
187920
0
0
0
0
Network Security 1-91
187920 0
![Page 92: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/92.jpg)
Computation Modulo a PrimeComputat on Modulo a Pr meLet be a prime (for much of this could also be a composite number) and recall that for any integer the number (mod ) is the remainder
p pr r pand recall that for any integer the number (mod ) is the remainder
obtained after dividing by . Thus, 100 (mod 13) 9. Nr r p
r p = ote that the only distinct values (mod ) are 0,1,2,..., 1. (Negative resultsp p −can also be converted into this range.)
Recall also that the greatest common divisor or "gcd" of positive integers and is the largest integer 0 such that | and | .Example: gcd(12,16) 4.Also recall that the least common multiple or
a b k k a k b>=
"lcm" of and is a bpthe smallest integer 0 such that | and | .Example: lcm(12,16) 48.
k a k b k>=
Network Security 1-92It is well known that gcd( , ) lcm( , ) .a b a b ab× =
![Page 93: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/93.jpg)
Euclid’s gcd AlgorithmEucl d s gcd Algor thmGiven two non-negative integers, the notation ( , ) implies that0 .
a ba b≤ <
( , ) ( , )While 0 x y a b
x←>
( , ) ( mod , )gcd( , ) .
x y y x xa b y
←←
Example: (21,30) (9,21) (3,9) (0,3) gcd(21,30) 3.→ → → ⇒ =Definition: If gcd( , ) 1, then and are said to be relativelyprime.
a b a b=
Network Security 1-93
![Page 94: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/94.jpg)
Extended Euclid AlgorithmExtended Eucl d Algor thmIt is well known that there exist integers and such that gcd( , ) . In the previous example, we want
x ya b ax by= +g ( ) p p
3 gcd(21,30) 21 30 . If we write down our intermediate steps,1. 30 1 21 9
yx y= = +
= × +2. 21 2 9 33
= × +. 9 3 3 0, which implies gcd(21,30) 3.= × + =
From step 2 we have 3 21 2 9. We use step 1 to substitute forthe 9. This yields 3 21 2 (30 1 21) 3 21 2 30.Th 3 3 21 2 30 Th t d d d l ith d
= − ×= − × − × = × − ×
thThus, 3 3 21 2 30. The extended-gcd algorithm produ= × − × ces the two sought integers and . This, in turn, will enable division moduloa specified value which is a critical step in the RSA algorithm
x y
Network Security 1-94
a specified value, which is a critical step in the RSA algorithm.
![Page 95: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/95.jpg)
RSA: Choosing keysRSA Choos ng keys1. Choose two large prime numbers p, q.
( 2000 bi f h i d )(e.g., 2000+ bits for their product)I used the small primes approach to findp = 39607 and q = 78517.p q
2. Compute n = pq, z = (p-1)(q-1)
n 3109822819=
Z 3109704696Z = 3109704696
Network Security 1-95
![Page 96: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/96.jpg)
RSA Keys ContinuedRSA Keys Cont nued3. Choose e (with e<n) that has no common f t ith ( “ l ti l i ”)factors with z. (e, z are “relatively prime”).
These factors are easy to guess. My first guess was 47785. It happens that gcd(47785 3109704696) 1It happens that gcd(47785,3109704696) 1.=
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).
This is the difficult step and requires the extended Euclidean algorithm.
Network Security 1-96
![Page 97: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/97.jpg)
Finding d Using Ext Euclid Alg F nd ng d Us ng Ext Eucl d Alg Must choose d so that ed = 1 (mod z):Find gcd(47785,z) where 47785 is a guess.Find gcd(47785,z) where 47785 is a guess.3109704696 = 65077x47785+251
47785 = 190x251 + 95⇒ 47785 = 190x251 + 95251 = 2x95 + 61
⇒⇒
95 = 1x61 + 3461 = 1x34 + 27
⇒⇒
34 = 1x27 + 727 = 3x7 + 6
⇒⇒
Relatively Prime
Network Security 1-97
27 3x7 6⇒ 7 = 1x6 + 1. ⇒
![Page 98: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/98.jpg)
Reversing Steps to Find 1=ax+byRevers ng Steps to F nd ax by
sub 1: 1 = 7 - 1x6sub : 7 6sub 6: = 7 - 1x(27-3x7) = 4x7 - 1x27sub 7: = 4x(34 - 1x27) -1x27 = 4x34 - 5x27sub 27: = 4x34 - 5x(61 - 1x34) = 9x34 - 5x61sub 34: = 9x(95 - 1x61) - 5x61 = 9x95 - 14x61sub 61: = 9x95 - 14x(251 - 2x95) = 37x95 - 14x251sub 61: = 9x95 - 14x(251 - 2x95) = 37x95 - 14x251sub 95: = 37x(47785 - 190x251) - 14x251 = 37x47785 - 7044x251sub 251: = 37x47785 - 7044(3109704696 - 65077x47785) = 458402425x47785 - 7044x3109704696
Because second term on right-hand side is zero mod z, it follows that
Network Security 1-98
458402425x47785=1 mod z. Let d = 458402425.
![Page 99: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/99.jpg)
RSA Keys ContinuedRSA Keys Cont nued
5 Public key is (n e) Private key is (n d)5. Public key is (n,e). Private key is (n,d).KB
+KB
-
n 3109822819=
47785
Trudy knows that Bob’s public key is (n,e) and would like to find d. She
e = 47785
d = 458402425
knows ed mod z =1 but does not know z. To find z she needs p and q and so must factor n.
Security depends on difficulty of factoring n (which has 2000+ digits)
Network Security 1-99
n (which has 2000+ digits).
![Page 100: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/100.jpg)
RSA: Encryption, decryptionRSA Encrypt on, decrypt on0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, computec = m mod ne (i e remainder when m is divided by n)ec = m mod n (i.e., remainder when m is divided by n)
2. To decrypt received bit pattern, c, computedm = c mod nd (i.e., remainder when c is divided by n)d
m = (m mod n)e mod ndMagichappens!
c
Network Security 1-100
c
![Page 101: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/101.jpg)
RSA example:mpBob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e z relatively prime)e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z.)
letter m me c = m mod neencrypt:
l 12 1524832 17
d dd l
encrypt:
c m = c mod nd17 481968572106750915091411825223071697 12
cd letterl
decrypt:
Network Security 1-101
![Page 102: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/102.jpg)
Why does RSA work?Why does RSA work?
RSA d d ll k lt f b th
mod( 1)( 1)
RSA depends on a well-known result from number theory:If and are prime and , then
mod mod for any positive integers andy y p q
p q n pqx n x n x y− −
=
=mod mod for any positive integers and .
Example:
x n x n x y=
Let 3 5 15 be the product of two primes.n = × =12 12mod8
12
Choose 2 and 12.Then result says that 2 mod15 2 mod15. Correct?
x y= =
=12
12mod8 4
LHS 2 mod15 4096mod15 1.RHS 2 mod15 2 mod15 16mod15 1.
= = =
= = = =
Network Security 1-102
![Page 103: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/103.jpg)
RSA: Why does m = (m mod n)e mod n ?dRSA Why does m (m mod n) mod n ?
Recall number theory result: If p,q prime and n pq th n:n = pq, then:
x mod n = x mod ny y mod (p-1)(q-1)
(m mod n)e mod n = m mod nd ed
ded mod (p-1)(q-1)= m mod ned mod (p 1)(q 1)
d1(using number theory result above)
= m mod n1
(since we chose ed to be divisible by(p-1)(q-1) with remainder 1 )
Network Security 1-103= m
(p )(q ) )
![Page 104: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/104.jpg)
RSA: another important propertymp p p y
The following property will be very useful later:
K (K (m)) = mBB
- +K (K (m))BB
+ -=( )
BB ( ( ))BB
use public key use private key p yfirst, followed by private key
p yfirst, followed by public key
Result is the same!
Network Security 1-104
![Page 105: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/105.jpg)
Security OverviewSecur ty Overv ew
What is network security?What is network security?Principles of cryptographySecurity RequirementsSecurity RequirementsKey Distribution and certificationAcc ss c nt l: fi llsAccess control: firewallsAttacks and counter measures
Network Security 1-105
![Page 106: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/106.jpg)
AuthenticationAuthentication
Goal: Bob wants Alice to “prove” her identity Goal: Bob wants Alice to prove her identity to him
Protocol ap1 0: Alice says “I am Alice”Protocol ap1.0: Alice says I am Alice
“I Ali ”Failure scenario??
“I am Alice”
Network Security 1-106
![Page 107: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/107.jpg)
AuthenticationAuthentication
Goal: Bob wants Alice to “prove” her identity Goal: Bob wants Alice to prove her identity to him
Protocol ap1 0: Alice says “I am Alice”Protocol ap1.0: Alice says I am Alice
in a network,Bob can not “see”
Alice, so Trudy simply Alice, so Trudy simply declares
herself to be Alice“I am Alice”
Network Security 1-107
![Page 108: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/108.jpg)
Authentication: another tryy
Protocol ap2.0: Alice says “I am Alice” in an IP packett i i h IP dd containing her source IP address
“I am Alice”Alice’s IP address
Failure scenario??IP address
Network Security 1-108
![Page 109: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/109.jpg)
Authentication: another tryy
Protocol ap2.0: Alice says “I am Alice” in an IP packett i i h IP dd containing her source IP address
Trudy can createa packet
“sp fin ”spoofing”Alice’s address“I am Alice”Alice’s
IP address
Network Security 1-109
![Page 110: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/110.jpg)
Authentication: another tryy
Protocol ap3.0: Alice says “I am Alice” and sends hert d t d t “ ” itunencrypted secret password to “prove” it.
“I’m Alice”Alice’s IP addr
Alice’s password
Failure scenario??OKAlice’s
IP addr
Network Security 1-110
![Page 111: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/111.jpg)
Authentication: another tryy
Protocol ap3.0: Alice says “I am Alice” and sends hert d t d t “ ” itunencrypted secret password to “prove” it.
“I’m Alice”Alice’s IP addr
Alice’s password
playback attack: Trudy records Alice’s packetand later plays it back t B b Sh l
OKAlice’s IP addr
to Bob. She can also learn the password.
“I’m Alice”Alice’s IP addr
Alice’s password
Network Security 1-111
IP addr password
![Page 112: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/112.jpg)
Authentication: yet another tryy y
Protocol ap3.1: Alice says “I am Alice” and sends hert d t d t “ ” itencrypted secret password to “prove” it.
“I’m Alice”Alice’s IP addr
encrypted password
Failure scenario??OKAlice’s
IP addr
Network Security 1-112
![Page 113: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/113.jpg)
Authentication: another tryy
Protocol ap3.1: Alice says “I am Alice” and sends hert d t d t “ ” itencrypted secret password to “prove” it.
recordd
“I’m Alice”Alice’s IP addr
encrypptedpassword
andplayback
still works!OKAlice’s
IP addr
“I’m Alice”Alice’s IP addr
encryptedpassword
Network Security 1-113
IP addr password
![Page 114: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/114.jpg)
Authentication: yet another tryy yGoal: avoid playback attack
Nonce: number (R) used only once –in-a-lifetimeap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice
must return R encrypted with shared secret keymust return R, encrypted with shared secret key
“I am Alice”
R
K (R) Alice is live and K (R)A-BAlice is live, and only Alice knows key to encrypt
nonce so it must
Network Security 1-114
Failures, drawbacks?nonce, so it must
be Alice!
![Page 115: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/115.jpg)
Authentication: ap5.0p .
ap4.0 requires shared symmetric key can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”R
Bob computes(K (R)) R
-K +RK (R)A
-
“send me your public key”
(K (R)) = RAK Aand knows only Alice
could have the private k h d R
send me your public key
K A+ key, that encrypted R
such that(K (R)) = RA
-K A
+
Network Security 1-115
AA
![Page 116: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/116.jpg)
ap5.0: security holep yMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
I am Alice I am AliceRR
TK (R)-
Send me your public key
K +
AK (R)-R
TK ASend me your public key
AK +
K (m)+TK (m)
Tm = K (K (m))+
T-
Trudy gets
sends m to Alice ennr pted ith
AK (m)+
+-
Network Security 1-116
ennrypted with Alice’s public keyA
m = K (K (m))+A
-
![Page 117: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/117.jpg)
ap5.0: security holep yMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
Difficult to detect: h h l d d Bob receives everything that Alice sends, and vice
versa. (e.g., so Bob, Alice can meet one week later and recall conversation))
problem is that Trudy receives all messages as well!
Network Security 1-117
![Page 118: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/118.jpg)
Integrity: Digital Signaturesg y D g g
Cryptographic technique analogous to hand-Cryptographic technique analogous to hand-written signatures.sender (Bob) digitally signs document, sender (Bob) digitally signs document, establishing he is document owner/creator. verifiable, nonforgeable: recipient (Alice) can
t th t B b d l prove to someone that Bob, and no one else (including Alice), must have signed the document
Network Security 1-118
![Page 119: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/119.jpg)
Digital SignaturesD g g
Simple digital signature for message m:Bob signs m by encrypting with his private key KB, creating “signed” message, KB(m)--
Dear AliceBob’s message, m Bob’s private
key K B
-
Bob’s message,
K B-(m)
Oh, how I have missed you. I think of you all the time! …(blah blah blah)
Bob
Public keyencryptionalgorithm
g ,m, signed
(encrypted) with his private key
Network Security 1-119
![Page 120: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/120.jpg)
Digital Signatures (more)g g ( )Suppose Alice receives msg m, digital signature KB(m)Alice verifies m signed by Bob by applying Bob’s
-
Alice verifies m signed by Bob by applying Bob s public key KB to KB(m) then checks KB(KB(m) ) = m.If KB(KB(m) ) = m whoever signed m must have used
+ +
-
- -
+If KB(KB(m) ) m, whoever signed m must have used Bob’s private key.
Alice thus verifies that:Alice thus verifies that:Bob signed m.No one else signed m.Bob signed m and not m’.
Non-repudiation:Alice can take m and signature K (m) to -
Network Security 1-120
Alice can take m, and signature KB(m) to court and prove that Bob signed m.
![Page 121: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/121.jpg)
Message Digests l g D g
Computationally expensive
large message
m
H: HashFunction
Computationally expensive to public-key-encrypt long messages H(m)
Goal: fixed-length, easy-to-compute digital “fingerprint”
Hash function properties:many-to-1
fingerprintapply hash function H to m, get fixed size
produces fixed-size msg digest (fingerprint)given message digest x message digest, H(m). given message digest x, computationally infeasible to find m such th t H( )
Network Security 1-121
that x = H(m)
![Page 122: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/122.jpg)
Internet checksum: poor crypto hash p ypfunction
Internet checksum has some properties of hash function:Internet checksum has some properties of hash function:produces fixed length digest (16-bit sum) of messageis many-to-oneis many to one
But given message with given hash value, it is easy to find another message with same hash value: m g m
I O U 1 49 4F 55 31
message ASCII formatI O U 9 49 4F 55 39
message ASCII formatI O U 10 0 . 99 B O B
49 4F 55 3130 30 2E 3939 42 D2 42
B2 C1 D2 AC
0 0 . 19 B O B
30 30 2E 3139 42 D2 42
B2 C1 D2 ACdiff nt m ss s
Network Security 1-122
B2 C1 D2 AC B2 C1 D2 ACdifferent messagesbut identical checksums!
![Page 123: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/123.jpg)
Digital signature = signed message digest
Bob sends digitally signed message:
Alice verifies signature and integrity of digitally signed message:
large message
mH: Hashfunction H(m)
g message:
encrypted msg digest
digitalsignature(encrypt)
Bob’s private
key K -
KB(H(m))-large
messagem digitalBob’s (encrypt)key K B
encrypted msg digest
m
H: Hashfunction
digitalsignature(decrypt)
publickey K B
+
+ KB(H(m))-g g
H(m) H(m)
equal
Network Security 1-123
equal?
![Page 124: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/124.jpg)
Hash Function AlgorithmsF g mMD5 hash function widely used (RFC 1321)
computes 128-bit message digest in 4-step process. arbitrary 128-bit string x appears difficult to arbitrary 128 bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.
SHA-1 is also used.US standard [NIST, FIPS PUB 180-1]160-bit message digest
Network Security 1-124
![Page 125: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/125.jpg)
Chapter 7 roadmapChapter 7 roadmap
What is network security?What is network security?Principles of cryptographySecurity RequirementsSecurity RequirementsKey distribution and certificationAcc ss c nt l: fi llsAccess control: firewallsAttacks and counter measuresS it i lSecurity in many layers
Network Security 1-125
![Page 126: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/126.jpg)
Trusted Intermediariesm
Symmetric key problem: Public key problem:How do two entities establish shared secret key over network?
When Alice obtains Bob’s public key (from web site e-mail key over network?
Solution:trusted key distribution
web site, e mail, diskette), how does she know it is Bob’s public k t T d ’ ?trusted key distribution
center (KDC) acting as intermediary between entities
key, not Trudy’s?Solution:
trusted certification entities trusted certification authority (CA)
Network Security 1-126
![Page 127: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/127.jpg)
Key Distribution Center (KDC)K y D (KD )Alice, Bob need shared symmetric key.KDC h diff t t k ith h KDC: server shares different secret key with each registered user (many users)Alice, Bob know own symmetric keys, KA KDC KB KDC , for Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC.
KDC
KX-KDC
K
KP-KDC
KB-KDC
KA-KDC
KP-KDC
KB-KDC
KY-KDC
KZ-KDCKA KDC
Network Security 1-127
KA-KDC
![Page 128: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/128.jpg)
Key Distribution Center (KDC)K y D (KD )Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? symmetric secret key to communicate with each other?
KDC generates K (A B)
Alice Bob knows to
generates R1KA-KDC(A,B)
KA-KDC(R1, KB-KDC(A,R1) )Aliceknows
R1
Bob knows to use R1 to
communicate with Alice
KB-KDC(A,R1)
A KDC( B KDC( ) )
with Alice
Alice and Bob communicate: using R1 as session key for shared symmetric encryption
Network Security 1-128
session key for shared symmetric encryption
![Page 129: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/129.jpg)
Certification AuthoritiesfCertification authority (CA): binds public key to particular entity Eparticular entity, E.E (person, router) registers its public key with CA.
E provides “proof of identity” to CA. p p yCA creates certificate binding E to its public key.certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”CA says this is E s public key
Bob’s public
k K +digital
signature( t)
K B+
key K B
Bob’s id tif i
(encrypt)
CA private
key K CA-
B
certificate for Bob’s public key,
Network Security 1-129
identifying information
key CA Bob s public key, signed by CA
![Page 130: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/130.jpg)
Certification AuthoritiesfWhen Alice wants Bob’s public key:
gets Bob’s certificate (Bob or elsewhere)gets Bob s certificate (Bob or elsewhere).apply CA’s public key to Bob’s certificate, get Bob’s public keyp y
Bob’s public
digitalsignatureK B
+public
key K B+signature
(decrypt)
CA p bli +
B
publickey
K CA+
Network Security 1-130
![Page 131: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/131.jpg)
A certificate contains:Serial number (unique to issuer)info about certificate owner including algorithm info about certificate owner, including algorithm and key value itself (not shown)
info about certificate certificate issuervalid datesdigital signature by issuerissuer
Network Security 1-131
![Page 132: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/132.jpg)
Security OverviewSecur ty Overv ew
What is network security?What is network security?Principles of cryptographySecurity RequirementsSecurity RequirementsKey Distribution and certificationAcc ss c nt l: fi llsAccess control: firewallsAttacks and counter measuresS it i lSecurity in many layers
Network Security 1-132
![Page 133: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/133.jpg)
Firewalls
isolates organization’s internal net from larger firewallisolates organization s internal net from larger Internet, allowing some packets to pass, blocking others.
administerednetwork
publicInternet
firewall
Network Security 1-133
firewall
![Page 134: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/134.jpg)
Firewalls: Whyyprevent denial of service attacks:
SYN fl di tt k t bli h b SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections.
prevent illegal modification/access of internal data.e.g., attacker replaces CIA’s homepage with
thi lsomething elseallow only authorized access to inside network (set of
authenticated users/hosts)authenticated users/hosts)two types of firewalls:
application-level
Network Security 1-134
pppacket-filtering
![Page 135: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/135.jpg)
Packet Filtering Should arriving packet be allowed F g packet be allowed
in? Departing packet let out?
internal network connected to Internet viarouter firewallrouter filters packet-by-packet, decision to forward/drop packet based on:forward/drop packet based on:
source IP address, destination IP addressTCP/UDP source and destination port numbersICMP message type
Network Security 1-135
ICMP message typeTCP SYN and ACK bits
![Page 136: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/136.jpg)
Packet FilteringgExample 1: block incoming and outgoing datagrams with IP protocol field = 17 (UDP) and g p f ( )with either source or dest port = 23 (telnet).
All incoming and outgoing UDP flows and telnet connections are blockedconnections are blocked.Protocols: www.iana.org/assignments/protocol-numbersP l i / i /Protocols: www.iana.org/assignments/port-numbers.
Example 2: Block inbound TCP segments with p gACK=0.
Prevents external clients from making TCP connections with internal clients but allows
Network Security 1-136
connections with internal clients, but allows internal clients to connect to outside.
![Page 137: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/137.jpg)
Application gateways gateway-to-remote pp g y
Filters packets on
host-to-gatewaytelnet session
g yhost telnet session
papplication data as well as on IP/TCP/UDP fields.Example: allow select
applicationgateway
router and filter
Example: allow select internal users to telnet outside.
1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet connection to
d t h t G t l d t b t 2 tidest host. Gateway relays data between 2 connections3. Router filter blocks all telnet connections not originating
from gateway.
Network Security 1-137
![Page 138: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/138.jpg)
Limitations of firewalls and gatewaysg y
IP spoofing: router can’t know if data
filters often use all or thi li f UDPcan t know if data
“really” comes from claimed source
nothing policy for UDP.tradeoff: degree of communication with
if multiple app’s. need special treatment, each has own app gateway
communication with outside world, level of security
hi hl t t d has own app. gateway.client software must know how to contact
many highly protected sites still suffer from attacks.
gateway.e.g., must set IP address of proxy in Web
Network Security 1-138
f p ybrowser
![Page 139: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/139.jpg)
Security OverviewSecur ty Overv ew
What is network security?What is network security?Principles of cryptographySecurity RequirementsSecurity RequirementsKey Distribution and certificationAcc ss c nt l: fi llsAccess control: firewallsAttacks and counter measuresS it i lSecurity in many layers
Network Security 1-139
![Page 140: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/140.jpg)
Internet security threatsyMapping:
before attacking: “case the joint” find out before attacking: case the joint – find out what services are implemented on networkUse ping to determine what hosts have addresses on networkPort-scanning: try to establish TCP connection to each port in sequence (see what happens)to each port in sequence (see what happens)nmap (http://www.insecure.org/nmap/) mapper: “network exploration and security auditing”p y g
Countermeasures?
Network Security 1-140
![Page 141: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/141.jpg)
BackgroundBackground
Scanners OS Fingerprinting
Sniffers/Protocol AnalyzersSniffers/Protocol AnalyzersOh my!!!
Network Security 1-141
![Page 142: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/142.jpg)
Background: ScannersWhat is a scanner?
Background Scanners
A scanner, in network terms, is a program that traverses through a network given a set of targets and returns information based on a set of given criteria.
Types of scanners includeIP Scanners: Returns a list of active IPs
• Superscan , NMAPPort/ Service scanners: Returns what ports are open on a target and what services are being provided on it.g p
• IPTools, NMAPVulnerability Scanners: Returns a list of exploits which the target might be vulnerable to.
• Nessus RetinaNessus, RetinaNAT Scanners: attempts to determine the number of systems running behind the natted firewall and their operating systems
• firewalk
Network Security 1-142
![Page 143: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/143.jpg)
Background: OS Fingerprinting ToolsBackground: OS Fingerprinting Tools
What is OS fingerprinting?A technique which queries the TCP/IP Stack of a host to determine what operating system is running on it.
There are two different types of OS fingerprinting tools,Active:
G t s t k t ffi • Generates network traffic • May be detected• Specially crafted packets• Catches variability's in TCP/IP stack• Catches variability s in TCP/IP stack
Passive: • No traffic is generated• Virtually undetectable
Network Security 1-143
• Virtually undetectable
![Page 144: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/144.jpg)
Background: OS Fingerprinting Tools
Early toolsSIRC Roger Espel Llima . AKA: orabidoo (NMAP predecessors)
• attempted to place a host in os classes; Linux 4 4bsd win95 or unknown• attempted to place a host in os classes; Linux, 4.4bsd, win95 or unknown
CHECKOS, by Shok (NMAP predecessors)• very similar to SIRC-
was never suppose to go public• was never suppose to go public
SS, by SU1d (NMAP successor)• identified 12 different operating systems• the networking code was from NMAP• the networking code was from NMAP
Queso, Jordi Murgo, AKA:Savage, Apostols (NMAP successor)• first program to move the fingerprinting out of the code and into a separate file.
Made adding a new operating system easier.
Network Security 1-144
![Page 145: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/145.jpg)
Background: OS Fingerprinting Tools
Today's toolsXprobe2, by Ofir Arkin, http://www.sys-ssecurity.com
U ICMP th th d t d fi i ti• Uses ICMP as the method to do fingerprinting• Generates fingerprints of systems scanned
NMAP, by Fyodor, http://www.isecure.org• detects 100’s of different OS versions and network devices• By far the most sophisticated fingerprinting tool on the net
– IP/Service scanner– Portscanner– OS fingerprintingOS fingerprinting– Network Device fingerprinting– 12 different modes of scanning– 4 different ways to discover systems
8 diff k difi i i ( l l i l– 8 different packet modification options (you can select multiple options simultaneously)
– 6 different timing options and 6 different method of detecting
Network Security 1-145
![Page 146: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/146.jpg)
Background: OS Fingerprinting ToolsT day's t lsToday s tools
Passive ToolsSiphon, by Subterrain Security Group
• http://www.blackhat.com/presentations/bh-usa-01/AbadBeddoe/1• Runs as a service and logs detected operating systems to a file and
dstdout
P0f, by Michal Zalewski• http://lcamtuf.coredump.cx/p0f.shtml• Analyzes tcpdump formatted files• Excellent tool for network analysis to use with windump and
tcpdump
Network Security 1-146
![Page 147: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/147.jpg)
Background: SniffersBackground Sn ffersWhat is a sniffer?
• A program that puts the systems network interface in promiscuous mode allowing the A program that puts the systems network interface in promiscuous mode allowing the monitoring and analysis of network traffic
Types of sniffers;Command line (CLI) sniffers:
• Data is viewed in a pretty raw format: TCPdump. Windump, snort, sniffit• Sniffit was one of the first sniffers with a GUI
Protocol Analyzers:• Graphical Interfaces; Etherpeek, Iris, SniffITPro, Netasyst, Ethereal• In addition to what a sniffer can do, Protocol analyzers can;
provide detailed and formatted protocol information– provide detailed and formatted protocol information– Able to generates reports and in many cases has some intelligence– Assist in troubleshooting network problems
• Both software and hardware based
non-switch networks: sniffit and all of the abovenon-switch networks: sniffit and all of the aboveswitched networks: ettercap
• The other sniffer/protocol analyzers can sniff a network providing they are connected to what is called a mirrored port.
Network Security 1-147
![Page 148: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/148.jpg)
A Detailed view: Analyzing the ToolsAnalyzing the Tools
and the traffic they generatePart 1Part 1
Network Security 1-148
![Page 149: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/149.jpg)
Active OS Fingerprinting Tools:NMAP “J k f ll t d ”NMAP “Jack of all trades”
IP SIP Scannernmap -sS –P0 <ip range>
• Action: send syn, recv syn-ack, send rst nmap –sT –P0 <ip range>
A ti k d k k d t• Action: syn, recv syn-ack, send syn-ack-ack, send rstPort Scanner
nmap -sT –P0 –p<port range> <target>• Action: send syn, recv syn-ack, send syn-ack-ack, send rst
S i SService Scannernmap <target>
OS fingerprintingg p gnmap –O –P0 <target>
Scan Analysis ☺
Network Security 1-149
![Page 150: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/150.jpg)
ResourcesResources
Web SitesWeb Siteshttp://www.isecure.orghttp://www.sys-security.comhttp://securify.packetstorm.orghttp //s cur fy.pac tstorm.orghttp://www.protocols.comhttp://www.sans.orghttp://www.networksorcery.com/enp/default0601.htm
Booksk hNetwork Intrusion Detection, Northcutt
TCP/IP Illustrated vol1, Stevens
Network Security 1-150
![Page 151: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/151.jpg)
Internet security threatsyMapping: countermeasures
record traffic entering networkrecord traffic entering networklook for suspicious activity (IP addresses, ports being scanned sequentially)g q y)
Network Security 1-151
![Page 152: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/152.jpg)
Internet security threatsyPacket sniffing:
broadcast mediabroadcast mediapromiscuous NIC reads all packets passing bycan read all unencrypted data (e.g. passwords)can read all unencrypted data (e.g. passwords)e.g.: C sniffs B’s packets
A C
Bsrc:B dest:A payload
Network Security 1-152
Countermeasures?
![Page 153: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/153.jpg)
Internet security threatsyPacket sniffing: countermeasures
all hosts in orgnization run software that all hosts in orgnization run software that checks periodically if host interface in promiscuous mode.one host per segment of broadcast media (switched Ethernet at hub)
A C
Bsrc:B dest:A payload
Network Security 1-153
![Page 154: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/154.jpg)
Internet security threatsyIP Spoofing:
can generate “raw” IP packets directly from can generate raw IP packets directly from application, putting any value into IP source address fieldreceiver can’t tell if source is spoofede.g.: C pretends to be B
A C
Bsrc:B dest:A payload
Network Security 1-154
BCountermeasures?
![Page 155: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/155.jpg)
Internet security threatsyIP Spoofing: ingress filtering
routers should not forward outgoing packets u u f w u g g pwith invalid source addresses (e.g., datagram source address not in router’s network) great but egress filtering can not be mandated great, but egress filtering can not be mandated for all networks
A C
Bsrc:B dest:A payload
Network Security 1-155
B
![Page 156: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/156.jpg)
Internet security threatsyDenial of service (DOS):
flood of maliciously generated packets “swamp” flood of maliciously generated packets swamp receiverDistributed DOS (DDOS): multiple coordinated ( ) psources swamp receivere.g., C and remote host SYN-attack A
A C
SYNSYN
BSYNSYNSYN
SYN
Network Security 1-156SYNSYNCountermeasures?
![Page 157: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/157.jpg)
Internet security threatsyDenial of service (DOS): countermeasures
filter out flooded packets (e.g., SYN) before reaching p g ghost: throw out good with badtraceback to source of floods (most likely an innocent, compromised machine)
A C
SYNSYN
BSYNSYNSYN
SYN
Network Security 1-157SYNSYN
![Page 158: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/158.jpg)
OutlineOutl neWhat is network security?P i i l f t hPrinciples of cryptographyAuthenticationIntegrityK Di ib i d ifi iKey Distribution and certificationAccess control: firewallsAttacks and counter measuresSecurity in many layers
Secure emailSecure socketsSecure socketsIPsec802.11 WEP
Network Security 1-158
![Page 159: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/159.jpg)
Secure e-mail using public keym g p yAlice wants to send confidential e-mail, m, to Bob.
K
KS( ). KS(m )m
KS
KS( ). mKS(m )
K ( ).+
+ - KSInternet
KB( ).-K KB( ).KB(KS )+
KB+
KB( ).KB-
KS KB(KS )+
Alice:generates random symmetric private key, KS.encrypts message with KS (for efficiency)l h B b’ bl k
Network Security 1-159
also encrypts KS with Bob’s public key.sends both KS(m) and KB(KS) to Bob.
![Page 160: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/160.jpg)
Secure e-mail (continued)m ( )• Alice wants to provide sender authentication message integritymessage integrity.
KA- KA
+
H( ). KA( ).-
+
H(m )KA(H(m))-m KA( ).+KA(H(m))-
compare+ -Internet
m mH( ). H(m )
compare
• Alice digitally signs message.• sends both message (in the clear) and digital signature.
Network Security 1-160
sends both message (in the clear) and digital signature.
![Page 161: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/161.jpg)
Secure e-mail (continued)( )
• Alice wants to provide secrecy, sender authentication, message integritymessage integrity.
H( ). KA( ).- KA(H(m))-m
KA-
KSH( ) KA( )
+
m
KS( ).S
m
KB( ).+
+
K (K )+
Internet
KS
Alice uses three keys: her private key, Bob’s public
KB(KS )KB+
Network Security 1-161
y p y, pkey, newly created symmetric key
![Page 162: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/162.jpg)
Pretty good privacy (PGP)y g p y ( )
Internet e-mail encryption A PGP signed message:ypscheme, de-facto standard.uses symmetric key cryptography, public key
---BEGIN PGP SIGNED MESSAGE---Hash: SHA1
g g
cryptography, hash function, and digital signature as described.
Bob:My husband is out of town tonight.Passionately yours, Alice
provides secrecy, sender authentication, integrity.inventor, Phil Zimmerman,
---BEGIN PGP SIGNATURE---Version: PGP 5.0Charset: noconvyhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ
was target of 3-year federal investigation.
hFEvZP9t6n7G6m5Gw2---END PGP SIGNATURE---
Network Security 1-162
![Page 163: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/163.jpg)
Secure sockets layer (SSL)y ( L)
transport layer server authentication:transport layer security to any TCP-based app using SSL s i s
SSL-enabled browser includes public keys for trusted CAs.B services.
used between Web browsers, servers for
Browser requests server certificate, issued by trusted CA.Browser uses CA’s browsers, servers for
e-commerce (shttp).security services:
Browser uses CA s public key to extract server’s public key from certificate.
server authenticationdata encryption client authentication
check your browser’s security menu to see its trusted CAs.
Network Security 1-163
(optional)its trusted CAs.
![Page 164: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/164.jpg)
SSL (continued)Encrypted SSL session:
Browser generates SSL: basis of IETF Transport Layer g
symmetric session key, encrypts it with server’s public key sends
Security (TLS).SSL can be used for non Web applications public key, sends
encrypted key to server.Using private key, server
non-Web applications, e.g., IMAP.Client authentication g p y
decrypts session key.Browser, server know session key
can be done with client certificates.
session keyAll data sent into TCP socket (by client or server) encrypted with session key
Network Security 1-164
encrypted with session key.
![Page 165: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/165.jpg)
What is IPSec (Microsoft Technet)?( )
“Internet Protocol security (IPSec) is a framework of open standards for helping to ensure private, secure communications over Internet Protocol (IP) networks through the use of ( ) gcryptographic security services. IPSec supports network-level data integrity, data confidentiality, data origin authentication, and replay protection Because IPSec is integrated at the Internetand replay protection. Because IPSec is integrated at the Internet layer (layer 3), it provides security for almost all protocols in the TCP/IP suite, and because IPSec is applied transparently to applications, there is no need to configure separate security for each application that uses TCP/IP. “
Network Security 1-165
![Page 166: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/166.jpg)
IPsec: Network Layer SecurityL y yNetwork-layer secrecy:
sending host encrypts the For both AH and ESP, source, sending host encrypts the data in IP datagramTCP and UDP segments; ICMP and SNMP
destination handshake:create network-layer logical channel called a ICMP and SNMP
messages.Network-layer authentication
destination host can
security association (SA)Each SA unidirectional.Uniquely determined by:destination host can
authenticate source IP address
Two principle protocols:
q y ysecurity protocol (AH or ESP)source IP addressTwo principle protocols:
authentication header (AH) protocol
l i i
source IP address32-bit connection ID
Network Security 1-166
encapsulation security payload (ESP) protocol
![Page 167: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/167.jpg)
Authentication Header (AH) Protocol
provides source authentication, data
AH header includes:connection identifier
integrity, no confidentialityAH header inserted
connection identifierauthentication data: source- signed message di t l l t d AH header inserted
between IP header, data field.
digest calculated over original IP datagram.next header field:
protocol field: 51intermediate routers process datagrams as
next header field specifies type of data (e.g., TCP, UDP, ICMP)
process datagrams as usual
IP h d d t ( TCP UDP s m nt)AH h d
Network Security 1-167
IP header data (e.g., TCP, UDP segment)AH header
![Page 168: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/168.jpg)
ESP ProtocolE
provides secrecy, host ESP authentication authentication, data integrity.data ESP trailer
field is similar to AH authentication field.P t l 50 data, ESP trailer
encrypted.next header field is in ESP
Protocol = 50.
trailer.
encryptedauthenticated
IP header TCP/UDP segmentESPheader
ESPtrailer
ESPauthent.
encrypted
Network Security 1-168
![Page 169: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/169.jpg)
IEEE 802.11 securityEEE . y
War-driving: drive around Bay area, see what 802.11 g ynetworks available?
Thousands accessible from public roadways85% use no encryption/authentication85% use no encryption/authenticationpacket-sniffing and various attacks easy!
Wired Equivalent Privacy (WEP): authentication as in q yprotocol ap4.0
host requests authentication from access pointaccess point sends 128 bit nonceaccess point sends 128 bit noncehost encrypts nonce using shared symmetric keyaccess point decrypts nonce, authenticates host
Network Security 1-169
![Page 170: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/170.jpg)
IEEE 802.11 securityEEE . y
Wired Equivalent Privacy (WEP): data encryptionq y ( ) ypHost/AP share 40 bit symmetric key (semi-permanent)Host appends 24-bit initialization vector (IV) to create 64-bit key64 bit key used to generate stream of keys ki
IV64 bit key used to generate stream of keys, kiki
IV used to encrypt ith byte, di, in frame:ci = di XOR ki
IVi i i
IV and encrypted bytes, ci sent in frame
Network Security 1-170
![Page 171: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/171.jpg)
802.11 WEP encryption. WE yp
IV (per frame)
KS: 40-bit secret
symmetric
key sequence generator ( for given KS, IV)
symmetric k1
IV k2IV k3
IV … kNIV kN+1
IV… kN+1IV
d1 d2 d3 … dN
CRC1 … CRC4 plaintext
frame data plus CRC
802.11header IV
WEP-encrypted data plus CRC
c1 c2 c3 … cN
cN+1 … cN+4
plus CRC
Figure 7.8-new1: 802.11 WEP protocol Sender-side WEP encryption
Network Security 1-171
![Page 172: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/172.jpg)
Breaking 802.11 WEP encryptiong yp
Security hole: 24-bit IV, one IV per frame, -> IV’s eventually reusedIV transmitted in plaintext -> IV reuse detectedAtt kAttack:
Trudy causes Alice to encrypt known plaintext d1 d2d3 d4 d3 d4 … Trudy sees: ci = di XOR ki
IV
Trudy knows ci di, so can compute kiIVrudy knows ci di, so can compute ki
Trudy knows encrypting key sequence k1IV k2
IV k3IV …
Next time IV is used, Trudy can decrypt!
Network Security 1-172
![Page 173: Introduction to Network Security - CASmy.fit.edu/~gmarin/CSE5636/SecurityOverviewSection1Post.pdfIntroduction to Network Security Gerald A. Marin These slides are provided solely for](https://reader034.fdocuments.us/reader034/viewer/2022051602/5af21c4a7f8b9a8c308f5c6c/html5/thumbnails/173.jpg)
Network Security (summary)Network Secur ty (summary)Basic techniques…...
cryptography (symmetric and public)authentication
i t itmessage integritykey distribution
used in many different security scenarios…. used in many different security scenariossecure emailsecure transport (SSL)secure transport (SSL)IP sec802.11 WEP
Network Security 1-173