Network Security VII CN UNIT
Uploaded by murari-nayudu
8/22/2019 Network Security VII CN UNIT
Network Security
Introduction
Taxonomy
Conventional Encryption
Private Key Cryptography DES
Public Key Cryptography RSA
Message Digest
Authentication Protocols
Message Integrity Protocols
Public Key Distribution
Case Study: ATM
Firewalls

Network Security
Attacks, Services and Mechanisms
Security Attack: Any action that compromises the security of information.
Security Mechanism: A mechanism that is designed to detect, prevent, or recover from a security attack.
Security Service: A service that enhances the security of data processing systems and information transfers. A security service makes use of one or more security mechanisms.

Security Attacks
Interruption: This is an attack on availability
Interception: This is an attack on confidentiality
Modification: This is an attack on integrity
Fabrication: This is an attack on authenticity

Taxonomy of Network Security
Security
  Cryptography Algorithms: Private Key (DES), Public Key (RSA), Message Digest (MD5)
  Security Services: Privacy, Authentication, Message Integrity

Conventional Encryption Principles
An encryption scheme has five ingredients:
Plaintext
Encryption algorithm
Secret Key
Ciphertext
Decryption algorithm
Security depends on the secrecy of the key, not the secrecy of the algorithm

Conventional Encryption Principles
Private key cryptography

Cryptography
Classified along three independent dimensions:
The type of operations used for transforming plaintext to ciphertext
The number of keys used
  symmetric (single key)
  asymmetric (two-keys, or public-key encryption)
The way in which the plaintext is processed

Average time required for exhaustive key search
Key Size (bits) | Number of Alternative Keys | Time required at 10^6 decryptions/µs
32              | 2^32 = 4.3 x 10^9          | 2.15 milliseconds
56              | 2^56 = 7.2 x 10^16         | 10 hours
128             | 2^128 = 3.4 x 10^38        | 5.4 x 10^18 years
168             | 2^168 = 3.7 x 10^50        | 5.9 x 10^30 years

Secret Key Encryption: DES
DES encrypts a 64-bit block of plaintext into 64 bits of ciphertext using a 56-bit key
symmetric: both participants share a single secret key
64-bit plaintext blocks
64-bit key (56-bits + 8-bit parity)
16 rounds of encryption.
Each 64-bit plaintext block is mangled in a sequence of parameterized iterations to produce a 64-bit ciphertext block.
[Figure: Plaintext -> Encrypt with secret key -> Ciphertext -> Decrypt with secret key -> Plaintext]

Secret Key Encryption: DES
The overall processing at each iteration:
$L_i = R_{i-1}$
$R_i = L_{i-1} \oplus F(R_{i-1}, K_i)$
Concerns about: The algorithm and the key length (56-bits)
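The round equations above, run as a 16-round Feistel network on a 64-bit block (an added example, not code from the slides). The round function and key schedule are stand-ins built from SHA-256, not the real DES F and schedule; the point is that decryption is the same network with the round keys reversed, even though F itself is not invertible.

```python
import hashlib
import hmac

ROUNDS = 16   # DES uses 16 rounds
HALF = 4      # bytes per half: a 64-bit block is split into two 32-bit halves


def round_function(right: bytes, subkey: bytes) -> bytes:
    """Stand-in for F(R, K): a keyed one-way function (assumption, not DES's F)."""
    return hmac.new(subkey, right, hashlib.sha256).digest()[:HALF]


def key_schedule(key: bytes) -> list:
    """Stand-in schedule deriving K_1..K_16 from the key (not the DES schedule)."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6]
            for i in range(1, ROUNDS + 1)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, round_keys: list) -> list:
    """Apply the rounds; return the trace [(L_0, R_0), ..., (L_16, R_16)]."""
    if len(block) != 2 * HALF:
        raise ValueError("block must be exactly 64 bits")
    left, right = block[:HALF], block[HALF:]
    trace = [(left, right)]
    for subkey in round_keys:
        # L_i = R_{i-1};  R_i = L_{i-1} xor F(R_{i-1}, K_i)
        left, right = right, xor(left, round_function(right, subkey))
        trace.append((left, right))
    return trace


def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = feistel(block, key_schedule(key))[-1]
    return right + left          # final swap of the two halves


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same network, round keys in reverse order: each round undoes one
    # encryption round because x xor F(...) xor F(...) == x.
    left, right = feistel(block, key_schedule(key)[::-1])[-1]
    return right + left


if __name__ == "__main__":
    key = bytes.fromhex("133457799bbcdf")      # constructed 56-bit sample key
    ciphertext = encrypt_block(b"8 bytes!", key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key))
```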

Public-Key Cryptography Principles
The use of two keys has consequences in: key distribution, confidentiality and authentication.
The scheme has six ingredients
Plaintext
Encryption algorithm
Public and private key
Ciphertext
Decryption algorithm

Encryption using Public-Key System
Bob -------- data ---------- Alice

Authentication using Public-Key System
Bob Alice

Applications for Public-Key Cryptosystems
Three categories:
Encryption/decryption: The sender encrypts a message with the recipient's public key.
Digital signature: The sender signs a message with its private key.
Key exchange: Two sides cooperate to exchange a session key.

Requirements for Public-Key Cryptography
1. Computationally easy for a party B to generate a pair (public key $KU_b$, private key $KR_b$)
2. Easy for sender to generate ciphertext: $C = E_{KU_b}(M)$
3. Easy for the receiver to decrypt ciphertext using private key: $M = D_{KR_b}(C) = D_{KR_b}[E_{KU_b}(M)]$
4. Computationally infeasible to determine private key ($KR_b$) knowing public key ($KU_b$)
5. Computationally infeasible to recover message M, knowing $KU_b$ and ciphertext C
6. Either of the two keys can be used for encryption, with the other used for decryption: $M = D_{KR_b}[E_{KU_b}(M)] = D_{KU_b}[E_{KR_b}(M)]$

The RSA Algorithm - Key Generation
1. Select p, q: p and q both prime
2. Calculate $n = p \times q$
3. Calculate $\phi(n) = (p-1)(q-1)$
4. Select integer e: $\gcd(\phi(n), e) = 1$; $1 < e < \phi(n)$
5. Calculate d: $d \equiv e^{-1} \pmod{\phi(n)}$
6. Destroy $\phi(n)$
7. Public Key KU = {e, n}
8. Private key KR = {d, n}

The RSA Algorithm - Key Generation: Finding the GCD

The RSA Algorithm - Encryption
Plaintext: M

The RSA Algorithm - Decryption
Ciphertext: C
Plaintext: $M = C^d \pmod n$

Prove that the Decryption Works
1. Since $ed = 1 \pmod{\phi(n)}$
2. So, there exists a k such that $ed = 1 + k\phi(n)$
3. Now, if $\gcd(m, p) = 1$, then by Fermat's theorem $m^{p-1} \equiv 1 \pmod p$
4. Raising both sides to the power $k(q-1)$ and multiplying by m: $m^{1+k(p-1)(q-1)} \equiv m \pmod p$
5. $m^{ed} \equiv m \pmod p$
6. Similarly, $m^{ed} \equiv m \pmod q$
7. Since p and q are distinct primes, $m^{ed} \equiv m \pmod n$
8. Hence $c^d = (m^e)^d \equiv m \pmod n$

Example of RSA Algorithm

Issues with RSA
Potential issues with RSA:
Since $ed = 1 \pmod{\phi(n)}$,
there exists an integer k such that $ed = 1 + k\phi(n)$
If $\gcd(m, p) = 1$, by Fermat's theorem
$m^{p-1} \equiv$

Issues with RSA
Potential issues with RSA:
1. The values M = 0 or M = 1 always produce ciphertexts equal to 0 or 1 respectively, due to the properties of exponentiation.
2. When encrypting with low encryption exponents (e.g., e = 3) and small values of M, the (non-modular) result of $M^e$ may be strictly less than the modulus n. In this case, ciphertexts may be easily decrypted by taking the eth root of the ciphertext with no regard to the modulus.
3. Because RSA encryption is a deterministic encryption algorithm, i.e., has no random component, an attacker can successfully launch a chosen plaintext attack against the cryptosystem, building a dictionary by encrypting likely plaintexts under the public key, and storing the resulting ciphertexts. When matching ciphertexts are observed on a communication channel, the attacker can use this dictionary in order to learn the content of the message.

Issues with RSA
To avoid these problems, practical RSA implementations typically embed some form of structured, randomized padding into the value M before encrypting it. This padding ensures that M does not fall into the range of insecure plaintexts, and that a given message, once padded, will encrypt to one of a large number of different possible ciphertexts. The latter property can increase the cost of a dictionary attack beyond the capabilities of a reasonable attacker.
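The key-generation steps and the three issues listed above, worked through with toy numbers (an added example, not code from the slides). The primes, the sample messages and the `pad`/`unpad` helpers are assumptions made for illustration; the padding is a toy stand-in that only shows the effect of randomization and is not a real scheme such as OAEP.

```python
import secrets
from math import gcd

# Constructed toy parameters: two well-known primes, far too small for real use.
P, Q, E_SMALL = 1_000_000_007, 998_244_353, 3


def egcd(a, b):
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def keygen(p, q, e):
    """Steps 2-8 of the key-generation slide; returns (KU, KR)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(phi, e) != 1:
        raise ValueError("need 1 < e < phi(n) and gcd(phi(n), e) = 1")
    d = egcd(e, phi)[1] % phi            # d = e^-1 mod phi(n)
    return (e, n), (d, n)                # phi is discarded on return


def encrypt(m, pub):
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= M < n")
    return pow(m, e, n)


def decrypt(c, priv):
    d, n = priv
    return pow(c, d, n)


def iroot(c, k):
    """Largest integer r with r**k <= c (binary search, no floating point)."""
    lo, hi = 0, 1
    while hi ** k <= c:
        hi *= 2
    while lo < hi - 1:
        mid = (lo + hi) // 2
        lo, hi = (mid, hi) if mid ** k <= c else (lo, mid)
    return lo


def fixed_points(pub):
    """Issue 1: M = 0 and M = 1 encrypt to themselves."""
    return encrypt(0, pub), encrypt(1, pub)


def unwrapped_plaintext(c, e):
    """Issue 2: if M**e never wrapped modulo n, c is an exact e-th power."""
    r = iroot(c, e)
    return r if r ** e == c else None


def build_dictionary(candidates, pub):
    """Issue 3: unpadded encryption is deterministic, so guesses can be tabulated."""
    return {encrypt(int.from_bytes(w, "big"), pub): w for w in candidates}


def pad(m, r=None):
    """Toy randomized padding: 24 random bits (top bit set) above a 32-bit message."""
    if not 0 <= m < 2 ** 32:
        raise ValueError("toy padding handles 32-bit messages only")
    if r is None:
        r = secrets.randbits(23) | (1 << 23)
    return (r << 32) | m


def unpad(padded):
    return padded & 0xFFFFFFFF
```

With padding, the same message yields different ciphertexts on each encryption, and the padded value is large enough that its cube always wraps past n.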

Different algorithms compared

Authentication protocols
SK: session key, the subsequent transmission takes place with this key.
The permanent secret key is exposed for few transmissions.

Authentication protocols
A wants to talk to B
S: authentication server
T: timestamp, like the random number x
L: lifetime
K: session key, K is not valid after L time.
Kerberos was a three-headed dog who guarded the gates of Hades.

Authentication using Public-Key Cryptography
Parties in the figure: Directory, Bob, Alice
1. Give me E_B
2. Certified E_B
3. E_B(A, R_A)
4. Give me E_A
5. Certified E_A
6. E_A(R_A, R_B, K_S)
7. K_S(R_B)

Message Integrity protocols
The sender and the receiver are not concerned that an eavesdropper is able to read the message; they are worried only that an imposter may send messages pretending to come from one of them.

Message digest
Cryptographic checksum: just as a regular checksum protects the receiver from accidental changes to the message, a cryptographic checksum protects the receiver from malicious changes to the message.
One-way function: given a cryptographic checksum for a message, it is virtually impossible to figure out what message produced that checksum; it is not computationally feasible to find two messages that hash to the same cryptographic checksum.
Relevance: if you are given a checksum for a message and you are able to compute exactly the same checksum for that message, then it is highly likely this message produced the checksum you were given.

Message digest
Properties:
Given M, it is easy to compute MD(M)
Given MD(M), it is effectively impossible to find M
Given M, no one can find an M' such that MD(M') = MD(M)
A change in input of even 1 bit produces a very different output

Message integrity protocol
Keyed MD5:
1. Sender and receiver share a secret key k
2. Sender: m + MD5(m+k)
3. Receiver: concatenates k with m (m+k), applies MD5 on this and compares.
Or:
Sender picks a key k: m + MD5(m+k) + E(E(k, rcv_public), snd_private)
The receiver applies the public key of the sender to confirm that the message has indeed come from the sender, and then retrieves k by deciphering with its own private key. It then compares the checksum of the concatenation.
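The first (shared-key) variant above as a sender and a receiver, with the checks the receiver has to make (an added example, not code from the slides). The key and messages are constructed samples; the function names are hypothetical.

```python
import hashlib
import hmac

DIGEST_LEN = 16   # MD5 output is 128 bits


def keyed_md5(message: bytes, key: bytes) -> bytes:
    """MD5(m + k), the construction written on the slide.

    Current practice uses HMAC (Python's hmac module) with a modern hash
    instead of MD5 over a plain concatenation; the slide's form is kept
    here so the example matches the protocol being described.
    """
    return hashlib.md5(message + key).digest()


def send(message: bytes, key: bytes) -> bytes:
    """Sender: transmit m followed by MD5(m + k)."""
    return message + keyed_md5(message, key)


def receive(wire: bytes, key: bytes):
    """Receiver: split off the checksum, recompute MD5(m + k), compare.

    Returns the message if the checksum verifies, otherwise None.
    """
    if len(wire) < DIGEST_LEN:
        return None                       # too short to carry a checksum
    message, tag = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    # Constant-time comparison, so the check does not leak how many
    # leading bytes of a guessed checksum were correct.
    if hmac.compare_digest(tag, keyed_md5(message, key)):
        return message
    return None


if __name__ == "__main__":
    k = b"shared-secret-k"                        # constructed sample key
    wire = send(b"transfer 100 to bob", k)
    print(receive(wire, k))                       # genuine message
    forged = b"transfer 900 to bob" + wire[-DIGEST_LEN:]
    print(receive(forged, k))                     # modified in transit
```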
Public Key Distribution
Certificate:
Data:
Version: 1 (0x0)
Serial Number: 7829 (0x1e95)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
OU=Certification Services Division, CN=Thawte Server
Validity
Not Before: Jul 9 16:04:02 1998 GMT
Not After: Jul 9 16:04:02 1999 GMT
Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
OU=FreeSoft, CN=www.freesoft.org/[email protected]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit): 00:b4:31:98:0a:c4:bc:62:c1:88:aa:dc:b0:c8:bb: 33:35:19:d5:0c:64:
b9:3d:41:b2:96:fc:f3:31:e1: 66:36:d0:8e:56:12:44:ba:75:eb:e8:1c:9c:5b:66: 70:33:52:14:c9:ec:4f:91:51:70:39:de:53:85:17: 16:94:6e:ee:f4:d5:6f:d5:ca:b3:47:5e:1b:0c:7b:
c5:cc:2b:6b:c1:90:c3:16:31:0d:bf:7a:c7:47:77: 8f:a0:21:c7:4c:d0:16:65:00:c1:0f:d7:
b8:80:e3: d2:75:6b:c1:ea:9e:5c:5c:ea:7d:c1:a1:10:bc:b8: e8:35:1c:9e:27:52:7e:41:8f
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
93:5f:8f:5f:c5:af:bf:0a:ab:a5:6d:fb:24:5f:b6:59:5d:9d: 92:2e:4a:1b:8b:ac:7d:99:17:5d:cd:
Public Key Infrastructure (PKI)
Challenge: The authenticity of the public keys.
Attacks: Man-in-the-middle attack.
PKI: It is a secure system that is used to manage and control certificates.
PKI is an infrastructure. It should function without the active intervention of the user.
Software in the user's computer carries out the task.
PKI uses the technique of public key cryptography.
This is used to eliminate the need of prior shared key as used in private key cryptography.

Public Key Infrastructure (PKI)
SSL: Secure socket layer (TLS: Transport Layer Security)
An overview:
SSL session can be used for the purchase of goods online.
Alice (client) wants to buy something from Bob (server).
Steps:
1. Alice and Bob introduce themselves. No cryptographic tool is used. (Hello).
2. Here, Alice and Bob agree on the specific cryptographic algorithm going to be used for the rest of the session.
3. Bob authenticates himself. Sends Alice a certificate containing his Public Key PK signed by a certification authority.
4. Alice verifies the CA's signature by using the public key of CA.
5. Alice produces a random master secret MS.
6. Alice encrypts MS with the public key of Bob.
7. Bob decrypts the master secret MS.
8. Bob generates K1 and K2 using a function on MS
9. Alice generates the same set K1 and K2 using the same function on MS.
10. K1 is used to authenticate data, K2 used for encryption and decryption.

Public Key Infrastructure (PKI)
SSL: Secure socket layer
Only server is required to produce a certificate.
The server is only interested in the authenticity of the credit card number of the client.
The credit card number etc. are encrypted using a message authentication.

Certificates
X.509 certificates contain the following fields:
1. Version no: The current version of X.509 is 2.
2. Serial Number: A number assigned to each certificate (a unique number).
3. Signature: Algorithm used to sign the certificate including the parameters, if any.
4. Issuer: Identifies the certification authority (country -> state -> organization -> department, and so on).
5. Period of validity: Earliest time and the latest time the certificate is valid.

Certificates
6. Subject: Defines the entity to which the public key belongs. Contains the common name of the subject.
7. Subject's public key: Public key + the corresponding algorithm along with its parameters
8. Issuer unique identifier: Optional. Allows two issuers to have the same value if the issuer unique identifier is different.
9. Subject Unique identifier: Optional.
10. Extension: Allows addition of more private information to the certificate.
11. Encrypted: Algorithm identifier + secure hash of other fields + digital signature of the hash.

Certificates
X.509 certificates were originally defined using X.500 names for subject names. X.500 names have a hierarchical format, such as
where "C" denotes country, "O" denotes organization, "OU" denotes organizational unit and "CN" denotes common name. Subject names are actually encoded numerically, using object identifiers (OIDs). So, for example, instead of containing the alphabetic string "Microsoft," the certificate will contain a numerical OID that stands for "Microsoft."

Global Naming Hierarchy
[Figure: object identifier tree. Node labels: ccitt (0), iso (1), joint-iso-ccitt (2); standard (0), iso9314 (9314), fddiMIB (1); org (3), dod (6), internet (1); directory (1), mgmt (2), experimental (3), private (4); mib (1); system (1), interfaces (2), transmission (10); fddi (8), fddi (15), fddimib (73). Annotation in the figure: "Internet SMI is this subtree".]
Certificate Revocation
When is it required?
When a certificate becomes invalid.
How does a certificate become invalid?
When the private key of the subject is compromised.
CRL: Certificate Revocation List
Contains the list of serial numbers of all certificates that are revoked but not expired.
The CRL is signed by the CA for authenticity.

Certificate Revocation
Delta CRLs:
CRLs are updated periodically: the expired certificates are removed from the CRL and the newly discarded certificates are added.
A delta CRL is used for updating the CRL. It contains the new revocations that have occurred since the last CRL or delta CRL was issued.
CRLs may be issued on a monthly basis whereas the delta CRLs are used on a daily basis.

Trust Models
Certificate path:
Often a certificate will not be signed by a trusted CA. Rather, it is necessary to follow a certificate path from a trusted CA to a given certificate. Each certificate in the path is signed by the owner of the previous certificate in the path. By validating all the certificates in the path, the user can be confident that the last certificate in the path is valid.

Trust Models
What is a trust model?
It specifies rules which determine how a certificate path should be constructed.

Strict Hierarchy
1. Root CA has a self-signed certificate.
2. The root CA is called the trust anchor.
3. It is a directed graph, whose nodes are CAs and end users.
4. x -> y means the entity corresponding to x has signed a certificate for the entity y.
5. An end user is not allowed to sign a certificate for another end user.
Bob provides all the certificates to Alice:

Networked PKI
Mesh configuration:
1. The strict hierarchy may work well within an organization.
2. When the root CAs of two or more different PKI domains are connected then it is called networked PKIs.
3. Often termed as Super-PKI consisting of users of different domains.
4. Cross-certification: A CA signs the certificate of another CA.
5. All root CAs cross-certify each other.
6. If there are n root CAs then n(n-1) cross certifications are required.
7. The bi-directed edges indicate the cross-certification.

Networked PKI
1. Hub and spoke configuration.
2. Each root CA cross-certifies independently with the hub CA.
3. The cross-certifications required are 2n.

Networked PKI
Certificate Path discovery:
Mesh:
Alice needs to validate Bob's certificate.
Trust anchor of Alice: CAroot(i), and that of Bob: CAroot(j). Bob sends the certificates on the path from CAroot(j) to Bob.
CAroot(i) and CAroot(j) have cross-certified each other.
Alice finds the certificate of CAroot(j) from the directory maintained by CAroot(i).
Now, Alice will be able to verify the certificates.

Networked PKI
Certificate Path discovery:
Hub and spoke:

Web browser model
1. Most web browsers come prepared with a set of independent root CAs.
2. All of them are trust anchors.
3. There is no cross certification between the root CAs.
4. The virtual root CA is the web browser.

Web browser model
Issues:
1. The user does not have any information about these pre-configured root CAs.
2. No mechanism to revoke a root CA from the web browser.
3. There is no legal relationship between the user and the set of CAs provided by the web browser.
4. There is no mechanism to update root CAs.

Pretty Good Privacy
1. Every user is his or her own CA.
2. PGP certificate of a user contains
   1. e-mail address ID,
   2. public key PK
   3. signature on (ID, PK).

Pretty Good Privacy
3. Let Bob give his certificate to Alice
4. Alice adds it to the list of signatures on her certificate
Alice keeps a collection of certificates in a data structure called a keyring
Each certificate of the keyring is associated with
OTF = owner trust field
KLF = key legitimacy field
KLF indicates whether a particular key is regarded as valid by Alice
KLF = valid, marginally valid, invalid

Pretty Good Privacy
Invalid key does not mean the key is invalid but it means that there is insufficient evidence to show that it is valid
OTF:
It indicates to which extent Alice trusts the key according to her own judgement.
Implicitly trusted: Alice's own OTF is implicitly trusted
Completely trusted:

Pretty Good Privacy
Once the OTF of all the certificates are set by Alice, the KLF can be computed as follows:

Pretty Good Privacy
Example: Alice's keyring:

Pretty Good Privacy
Because Alice has signed Bob's and Janet's certificates and Alice trusts her own signatures implicitly, Bob's and Janet's keys are regarded as valid by Alice.
Because Bob has signed Charlie's and Fred's certificates and Alice trusts Bob's signatures completely, Charlie's and Fred's keys are regarded as valid by Alice.
Because Janet has signed Doris's certificate and Alice trusts Janet's signatures completely, Doris's key is regarded as valid by Alice.

Pretty Good Privacy
Because Charlie and Fred have both signed Ginger's certificate and Alice partially trusts both Charlie and Fred, Ginger's key is regarded as valid by Alice.
Eve and Irene both have one signature from someone that Alice partially trusts, so these keys are regarded by Alice as marginally valid.
Harry has no signatures from anyone that Alice trusts at least partially, so Harry's key is regarded as invalid by Alice.
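The keyring walk-through above as a computation of the KLF from the OTF values (an added example, not code from the slides). The thresholds are read off the worked example (one implicitly or completely trusted signer, or two partially trusted signers, gives "valid"; one partially trusted signer gives "marginally valid"). Assumptions: who signed Eve's, Irene's and Harry's keys is not stated on the slides and is constructed here, and the rule that a signature only counts when the signer's own key is valid is PGP practice rather than slide text.

```python
IMPLICIT, COMPLETE, PARTIAL, UNTRUSTED = "implicit", "complete", "partial", "untrusted"

# Owner trust fields set by Alice (from the slide text); anyone absent is untrusted.
OTF = {
    "Alice": IMPLICIT,
    "Bob": COMPLETE, "Janet": COMPLETE,
    "Charlie": PARTIAL, "Fred": PARTIAL,
}

# key owner -> owners who signed that key.
SIGNED_BY = {
    "Bob": ["Alice"], "Janet": ["Alice"],
    "Charlie": ["Bob"], "Fred": ["Bob"],
    "Doris": ["Janet"],
    "Ginger": ["Charlie", "Fred"],
    "Eve": ["Charlie"],      # constructed: slides say only "someone partially trusted"
    "Irene": ["Fred"],       # constructed, as above
    "Harry": ["Ginger"],     # constructed: a signer Alice does not trust
}


def key_legitimacy(owner, otf, signed_by, partials_needed=2):
    """Compute the KLF of every key on the keyring of `owner`.

    Validity can only grow as more signers become valid, so repeating the
    pass until nothing changes reaches a fixed point.
    """
    klf = {name: "invalid" for name in signed_by}
    klf[owner] = "valid"                      # the owner's own key
    changed = True
    while changed:
        changed = False
        for key, signers in signed_by.items():
            if key == owner:
                continue
            # Only signatures made with keys already judged valid count.
            counted = [s for s in signers if klf.get(s) == "valid"]
            full = sum(otf.get(s, UNTRUSTED) in (IMPLICIT, COMPLETE) for s in counted)
            partial = sum(otf.get(s, UNTRUSTED) == PARTIAL for s in counted)
            if full >= 1 or partial >= partials_needed:
                verdict = "valid"
            elif partial >= 1:
                verdict = "marginally valid"
            else:
                verdict = "invalid"
            if verdict != klf[key]:
                klf[key] = verdict
                changed = True
    return klf


if __name__ == "__main__":
    for name, verdict in key_legitimacy("Alice", OTF, SIGNED_BY).items():
        print(f"{name:8s} {verdict}")
```

Removing Alice's signature on Bob's key makes Charlie's, Fred's and Ginger's keys invalid as well, which shows how much of the keyring rests on a single introducer.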
Pretty Good Privacy
- Not scalable
- Does not guarantee that it will detect forged certificates.
- No revocation mechanism
- The OTF is set by the user themselves.

A case study: ATM
The ATM keypad contains a built-in tamper-proof master key kM known only to the machine and the host computer.
As the ATM starts up:
Sends a new daily key kD encrypted with kM and an initial transaction key kT encrypted with kM
The initial kT is used for the first transaction.
For later transactions a new kT is calculated from kT = (kT) xor (last MAC sent by the ATM)
This is called chaining the key kT.

A case study: ATM
It is done to make it impossible to record messages from an ATM to its host machine and then play them back at a later time.
At the later time the key kT will have altered since it is a function of kD and all the transactions that have occurred since the last initial kT was loaded.
A MAC (Message Authentication Code) used with an ATM is a 64-bit number that is calculated from an unencrypted message by running it through DES with key kD. The resulting 64-bit block is the MAC.
All transmissions are checked using a MAC. In effect the transaction key kT is itself subject to DES encryption.

A case study: ATM
For each transaction on an ATM:
1. The account number and name are read from the card; the PIN is entered. Let us call this the `message'.
Message = a/c number + name + PIN
2. From this `message' a corresponding MAC is calculated and then the `message' is encrypted using kT. Next the encrypted `message' and the MAC are sent to the host computer.
MAC = DES (Message, kD)

A case study: ATM
3. The host decrypts the encrypted `message' using kT to retrieve the `message'; the host then uses the `message' to calculate a MAC, and checks that this is equal to the MAC sent with the encrypted `message'. [This authenticates the message as having come from the ATM.] The host then checks the account details and PIN on its database, and if everything checks out correctly it then replies with a `go ahead' message encrypted with kT, and followed by its own MAC.
4. You enter the data for the transaction, and another `message' is constructed by the ATM, including the date, time, ATM number, a sequence number, and details of the transaction. This is encrypted by the ATM using kT and sent (along with its MAC).

A case study: ATM
5. After authenticating the MAC as before, and after checking the account balance etc., the host sends an `OK to pay' message including the new balance etc., again encrypted using kT and with its own MAC. You get paid.

A case study: ATM
ATM and Host share the master key kM.
ATM: at start up, generate a key kD for the day and the first kT.
ATM -> Host: E(kD,kM) + E(kT,kM)
Host: decrypts to find kD and kT.
ATM: Message1 = A/C No. + Name + PIN; MAC1 = E(Message1,kD)
ATM -> Host: MAC1 + E(Message1,kT)
Host: D(E(Message1,kT),kT) -> Message1; MAC = E(Message1,kD); if (MAC == MAC1) { check the PIN; Message2 = Go ahead } else /* abort */
Host -> ATM: MAC2, E(Message2,kT)
ATM: checks message and MAC; Message3 = Date + time + ATM No. + seq no. + Details of transaction
Chaining of kT, on both sides: kT = kT xor MAC1
ATM -> Host: MAC3, E(Message3,kT)
Host: checks the MAC and Message; check the account balance; Message4 = OK + new balance
Host -> ATM: MAC4 + E(Message4,kT)
ATM: check the message and MAC; PAY.
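The effect of chaining kT on a recorded-and-replayed frame, simulated for the ATM-to-host direction (an added example, not code from the slides). Assumptions: DES is not in the Python standard library, so `E`/`D` and `mac64` are SHA-256-based stand-ins for the slides' DES encryption and DES MAC; host replies are omitted and kT is chained after every ATM frame; the messages are constructed samples.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 8      # 64-bit keys and MACs, as on the slides
NONCE_LEN = 8


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def E(data, key):
    """Stand-in for E(data, key): fresh nonce, then XOR with a keyed stream."""
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + xor(data, keystream(key, nonce, len(data)))


def D(blob, key):
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor(body, keystream(key, nonce, len(body)))


def mac64(message, kD):
    """Stand-in for MAC = DES(Message, kD): a 64-bit keyed checksum."""
    return hmac.new(kD, message, hashlib.sha256).digest()[:KEY_LEN]


class Atm:
    def __init__(self, kM, chain=True):
        self.kM, self.chain = kM, chain
        self.kD = secrets.token_bytes(KEY_LEN)    # key for the day
        self.kT = secrets.token_bytes(KEY_LEN)    # initial transaction key

    def startup(self):
        return E(self.kD, self.kM), E(self.kT, self.kM)

    def send(self, message):
        mac = mac64(message, self.kD)
        frame = mac + E(message, self.kT)
        if self.chain:
            self.kT = xor(self.kT, mac)           # kT = kT xor last MAC sent
        return frame


class Host:
    def __init__(self, kM, chain=True):
        self.kM, self.chain = kM, chain
        self.kD = self.kT = None

    def load_keys(self, enc_kD, enc_kT):
        self.kD, self.kT = D(enc_kD, self.kM), D(enc_kT, self.kM)

    def receive(self, frame):
        mac, blob = frame[:KEY_LEN], frame[KEY_LEN:]
        message = D(blob, self.kT)
        if not hmac.compare_digest(mac, mac64(message, self.kD)):
            return None                           # abort: MAC mismatch
        if self.chain:
            self.kT = xor(self.kT, mac)           # stay in step with the ATM
        return message


MESSAGE1 = b"acct=000111;name=A N Other;pin=4321"    # constructed sample


def run_session(chain):
    """Returns (first delivery, replay result, still-in-sync flag)."""
    kM = secrets.token_bytes(KEY_LEN)
    atm, host = Atm(kM, chain), Host(kM, chain)
    host.load_keys(*atm.startup())
    recorded = atm.send(MESSAGE1)                 # frame captured on the wire
    first = host.receive(recorded)
    host.receive(atm.send(b"2019-08-22 10:00;atm=7;seq=2;withdraw=50"))
    replay = host.receive(recorded)               # played back later
    in_sync = host.receive(atm.send(b"seq=3;balance")) is not None
    return first, replay, in_sync
```

With `chain=False` the replayed frame is accepted, because kD and kT are unchanged and the MAC still verifies; with chaining, the host's kT has moved on and the old frame decrypts to garbage.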
Firewalls
Definition: A specially programmed router sitting between a site and the rest of the network.
Throw away incoming packets from a particular source (prevents denial-of-service attack).
1. Throw away packets addressed to a particular IP/port.
2. Not all security mechanisms are widely deployed.
3. A firewall allows a system administrator to implement security mechanisms in a centralised place.
Two types of firewalls: a) Filter-based firewalls b) Proxy-based firewalls

Filter-based Firewalls
Configured with a table of addresses that characterize the packets they will, or they will not, forward.
(192.12.13.14, 1234, 128.7.6.5, 80)
All packets from 192.12.13.14 and port 1234 addressed to 128.7.6.5 at port 80 are filtered.
(*, *, 128.7.6.5, 80) filter all packets destined for 128.7.6.5 at port 80.
Issues:
1. Blocking or non blocking: Block everything unless otherwise mentioned (*, *, 128.7.6.5, 80) but allow this traffic.
2. Dynamic port selection: ftp uses a specific port for connection setup but uses different port for subsequent transfer of data. So dynamic port selection is required for such situations.

Active ftp
1. The client's command port contacts the server's command port and sends the command PORT 1027.
2. Server then sends an ACK back to the client's command port.
3. Server initiates a connection on its local data port to the data port the client specified earlier
4. Client sends an ACK back
Server side firewall:
1. FTP server's port 21 from anywhere (Client initiates connection)
2. FTP server's port 21 to ports > 1023 (Server responds to client's control port)
3. FTP server's port 20 to ports > 1023 (Server initiates data connection to client's data port)
4. FTP server's port 20 from ports > 1023 (Client sends ACKs to server's data port)
Client side firewall:
When server connects back to the specified port on the client (3), this appears to be an outside system initiating a connection to an internal client -- something that is usually blocked.

Passive ftp
1. Client contacts the server on command port and issues the PASV command.
2. Server replies with PORT 2024.
3. Client initiates data connection.
4. Server sends back an ACK to the client's data port.
Server Side: Issue is the need to allow any remote connection to high numbered ports on the server.
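The filter table from the filter-based firewall slides, evaluated against the two default policies and against a passive-FTP session (an added example, not code from the slides). Assumptions: rules are matched first-hit, port ranges are written as `(low, high)` tuples, and the client addresses and client-side port numbers are constructed samples.

```python
ANY = "*"
HIGH_PORTS = (1024, 65535)
SERVER = "128.7.6.5"          # server address used on the slides


def field_matches(spec, value):
    """A rule field is '*', an exact value, or an inclusive (low, high) port range."""
    if spec == ANY:
        return True
    if isinstance(spec, tuple):
        return spec[0] <= value <= spec[1]
    return spec == value


def decide(rules, packet, default):
    """packet = (src_ip, src_port, dst_ip, dst_port).

    The first matching rule decides; if none matches, the default policy
    of the table ("forward" = non-blocking, "drop" = blocking) applies.
    """
    for *pattern, action in rules:
        if all(field_matches(spec, value) for spec, value in zip(pattern, packet)):
            return action
    return default


# Non-blocking table: forward everything except the one listed flow.
BLOCK_ONE_SOURCE = [("192.12.13.14", 1234, SERVER, 80, "drop")]

# Blocking table: drop everything except web traffic to the server.
ALLOW_WEB_ONLY = [(ANY, ANY, SERVER, 80, "forward")]

# Blocking tables in front of an FTP server.
FTP_CONTROL_ONLY = [(ANY, ANY, SERVER, 21, "forward")]
FTP_WITH_HIGH_PORTS = FTP_CONTROL_ONLY + [
    (ANY, HIGH_PORTS, SERVER, HIGH_PORTS, "forward"),
]


def passive_ftp_session(rules, client="198.51.100.7", data_port=2024):
    """Decisions for the control connection and for the data connection the
    client opens to the port the server announced (2024 on the slide)."""
    control = decide(rules, (client, 40001, SERVER, 21), "drop")
    data = decide(rules, (client, 40002, SERVER, data_port), "drop")
    return control, data


if __name__ == "__main__":
    print(passive_ftp_session(FTP_CONTROL_ONLY))      # data connection dropped
    print(passive_ftp_session(FTP_WITH_HIGH_PORTS))   # works, at a cost:
    # the same rule forwards any other connection to a high port on the server
    print(decide(FTP_WITH_HIGH_PORTS, ("203.0.113.9", 50000, SERVER, 6000), "drop"))
```

A static table has to choose between breaking the data connection and opening every high port; following the control connection to learn the announced port is what the slide's "dynamic port selection" refers to.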
Proxy-based Firewalls
A proxy is a process sitting between a client and the server. To the server, the proxy appears to be the client, and to the client, the proxy appears to be the server.
A proxy needs application knowledge built into it.
Proxy can implement a cache, so it responds to a request from the cache.
Transparent proxy: Not visible to the client.
Classical proxy: the source explicitly addresses the request to the proxy.

[Figure: remote sites reach the company net and its web server across the Internet through the firewall. External client -- external TCP/IP connection -- Proxy -- internal TCP/IP connection -- Local server]
1. Proxy has to understand HTTP.
2. It can cache pages.
3. It can do some load balancing.
4. They can be extended for other than HTTP.

Firewalls: limitations
Internal users are not protected against each other.
So mobile codes cannot be prevented from spreading locally.
Wireless communication is another vulnerability.