Professional Documents
Culture Documents
Network Security
7: Network Security 2
What is network security?
Confidentiality: only sender, intended receiver
should “understand” message contents
sender encrypts message
receiver decrypts message
A C
7: Network Security 4
Internet security threats
IP Spoofing:
can generate “raw” IP packets directly from application, putting any value
into IP source address field
receiver can’t tell if source is spoofed
e.g.: C pretends to be B
A C
7: Network Security 5
Internet security threats
Denial of service (DOS):
flood of maliciously generated packets “swamp” receiver
Distributed DOS (DDOS): multiple coordinated sources swamp receiver
e.g., C and remote host SYN-attack A
A C
SYN
SYN
SYN SYN SYN
B
SYN
SYN
7: Network Security 6
Cryptography
Principles
7: Network Security 7
Friends and enemies: Alice, Bob, Trudy
well-known in network security world
Bob, Alice (lovers!) want to communicate “securely”
Trudy (intruder) may intercept, delete, add messages
Alice Bob
data, control
channel
messages
Trudy
8: Network Security 8-8
Who might Bob, Alice be?
… well, real-life Bobs and Alices!
Web browser/server for electronic
transactions (e.g., on-line purchases)
on-line banking client/server
DNS servers
routers exchanging routing table updates
other examples?
8: Network Security 8-
10
Symmetric
Key
Cryptography
7: Network Security 11
Symmetric key cryptography
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Cons: size
Pseudo Random Generator
G(R) = b ... b
1 n
Indistinguishable from random (efficiently)
7: Network Security 13
Symmetric key crypto: DES
DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64 bit plaintext input
How secure is DES?
DES Challenge: 56-bit-key-encrypted phrase (“Strong
cryptography makes the world a safer place”) decrypted
(brute force) in 4 months
no known “backdoor” decryption approach
7: Network Security 14
Symmetric key
crypto: DES
DES operation
initial permutation
16 identical “rounds” of
function application,
each using different
48 bits of key
final permutation
7: Network Security 15
Block Cipher chaining
How do we encode a large message
Would like to guarantee integrity
Encoding:
Ci = E[Mi Ci-1]
Decoding:
Mi = D[Ci] Ci-1
Malfunctions:
Loss
Reorder/ integrity
7: Network Security 16
Cipher block chaining (CBC)
Break plaintext into blocks
XOR previous round ciphertext with new plaintext
IV + + + +
7: Network Security 17
Cipher Block Chaining Mode
Cipher block chaining. (a) Encryption. (b) Decryption.
7: Network Security 18
DES performance
DES relies on confusion and diffusion
not mathematically proven to be secure
* source: http://www.ietf.org/proceedings/01dec/slides/ipsec-11.pdf
7: Network Security 19
Diffie-Hellman key exchange
protocol
Goal: Allow strangers establish a shared secret key
for later communication
Assume two parties (Alice and Bob) want to establish
a secret key.
Alice and Bob agree on two large numbers, n and g
usually, these are publicly known, and have some additional
conditions applied (e.g., n must be prime)
7: Network Security 20
Diffie-Hellman Key Exchange
Alice picks large x, Bob picks large y (e.g., 512 bits)
7: Network Security 21
Man in the middle attack
Eavesdropper can’t determine secret key (gxy mod
n) from (gx mod n) or (gy mod n)
However, how does Alice and Bob know if there is
a third party adversary in between?
7: Network Security 22
Exponentiation
Compute gx mod n
Expg,n (x)
Assume x = 2y + b
Let z = Expg,n (y)
R=z2
If (b=1) R = g R mod n
Return R
Complexity: logarithmic in x
7: Network Security 24
Public Key
Cryptography
7: Network Security 25
Public Key Cryptography
7: Network Security 26
Public key cryptography
+ Bob’s public
K
B key
- Bob’s private
K
B key
8: Network Security 8-
27
Public key encryption algorithms
7: Network Security 28
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
Magic d
m = (m e mod n) mod n
happens!
7: Network Security 30
RSA operation
7: Network Security 31
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).
letter m me c = me mod n
encrypt:
l 12 1524832 17
d
decrypt:
c c m = cd mod n letter
17 481968572106750915091411825223072000 12 l
7: Network Security 32
RSA example
An example of the RSA algorithm.
p = 3, q = 11, n = 33, z = 20, d = 7
e found by solving 7e = 1 (mod 20)--> 3
7: Network Security 33
d
RSA: Why m = (m e mod n) mod n
• = m 1 mod n = m
7: Network Security 34
modified Diffie-Hellman Key
Exchange
Encrypt 1 with Bob’s public key, 2 with Alice’s public key
Prevents man-in-the-middle attack
Actually, nonces and a third message are needed to fully
complete this exchange (in a few slides)
7: Network Security 36
Authentication
7: Network Security 37
Authentication
Goal: Bob wants Alice to “prove” her identity
to him
Protocol ap1.0: Alice says “I am Alice”
“I am Alice”
Failure scenario??
8: Network Security 8-
38
Authentication
Goal: Bob wants Alice to “prove” her identity
to him
Protocol ap1.0: Alice says “I am Alice”
in a network,
Bob can not “see”
Alice, so Trudy simply
“I am Alice” declares
herself to be Alice
8: Network Security 8-
39
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
Alice’s
IP address
“I am Alice”
Failure scenario??
8: Network Security 8-
40
Authentication: another try
Protocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
8: Network Security 8-
41
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
Alice’s Alice’s
“I’m Alice”
IP addr password
8: Network Security 8-
42
Authentication: another try
Protocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
Alice’s Alice’s
“I’m Alice”
IP addr password
playback attack: Trudy
Alice’s records Alice’s packet
OK
IP addr and later
plays it back to Bob
Alice’s Alice’s
“I’m Alice”
IP addr password
8: Network Security 8-
43
Authentication: yet another try
Protocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
Alice’s encrypted
“I’m Alice”
IP addr password
8: Network Security 8-
44
Authentication: another try
Protocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
Alice’s encrypted
“I’m Alice” record
IP addr password
and
Alice’s
OK playback
IP addr
still works!
Alice’s encrypted
“I’m Alice”
IP addr password
8: Network Security 8-
45
Authentication: yet another try
Goal: avoid playback attack
Nonce: number (R) used only once –in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R.
Alice
must return R, encrypted with shared secret key
“I am Alice”
R
KA-B(R) Alice is live, and
only Alice knows
key to encrypt
nonce, so it must
Failures, drawbacks? be Alice!
8: Network Security 8-
46
Authentication: ap5.0
ap4.0 requires shared symmetric key
can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”
Bob computes
R + -
- KA(KA (R)) = R
K A (R) and knows only Alice
“send me your public key”
could have the private
+ key, that encrypted R
KA such that
+ -
K (K (R)) = R
A A
8: Network Security 8-
47
ap5.0: security hole
Man (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
I am Alice I am Alice
R -
K (R)
T
R - Send me your public key
K (R) +
A K
T
Send me your public key
+
K
A +
K (m)
Trudy gets T
- +
+ m = K (K (m))
K (m)
A sends T T Alice
m to
- + encrypted with
m = K (K (m))
A A Alice’s public key
8: Network Security 8-48
ap5.0: security hole
Man (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
Difficult to detect:
Bob receives everything that Alice sends, and vice
versa. (e.g., so Bob, Alice can meet one week later and
recall conversation)
problem is that Trudy receives all messages as well!
7: Network Security 50
Digital Signatures
Cryptographic technique Simple digital signature
analogous to hand- for message m:
written signatures. Bob decrypts m with his
Sender (Bob) digitally signs private key dB, creating
document, establishing he signed message, dB(m).
is document owner/creator.
Bob sends m and dB(m) to
Verifiable, nonforgeable:
Alice.
recipient (Alice) can verify
that Bob, and no one else,
signed document.
Assumption:
eB(dB(m)) = dB(eB(m))
RSA
7: Network Security 51
Digital Signatures (more)
Suppose Alice receives Alice thus verifies that:
msg m, and digital Bob signed m.
signature dB(m)
No one else signed m.
Alice verifies m signed
Bob signed m and not m’.
by Bob by applying Bob’s
public key eB to dB(m) Non-repudiation:
then checks eB(dB(m) ) = Alice can take m, and
7: Network Security 52
Message Digests
7: Network Security 53
Hash Function Algorithms
Internet checksum MD5 hash function widely
would make a poor used.
message digest. Computes 128-bit message
7: Network Security 54
MD5 for message integrity
Keyed MD5
assume sender, receiver share secret key k
sender: m + MD5(m + k)
(+ means concatenation in this notation)
receiver computes MD5(m + k) and sees if it
matches
7: Network Security 55
Digital signature = signed message digest
Alice verifies signature and
Bob sends digitally signed integrity of digitally signed
message: message:
large
message H: Hash encrypted
m function H(m)
msg digest
-
KB(H(m))
Bob’s digital large
private signature message
- Bob’s
key KB (encrypt) m digital
public
+ signature
key KB
encrypted H: Hash (decrypt)
msg digest function
-
+ KB(H(m))
H(m) H(m)
equal
?
8: Network Security 8-56
MD5 with RSA signature
MD5 with RSA signature
sender: m + E(MD5(m), private)
checksum
receiver: compare MD5(m) with D(checksum,
public)
7: Network Security 57
Key
Distribution
Centers
7: Network Security 58
Problems with Public-Key
Encryption
A way for Trudy to subvert public-key
encryption.
7: Network Security 59
Trusted Intermediaries
Problem: Problem:
How do two entities When Alice obtains
establish shared Bob’s public key
secret key over (from web site, e-
network? mail, diskette), how
Solution: does she know it is
trusted key Bob’s public key, not
Trudy’s?
distribution center
(KDC) acting as Solution:
intermediary trusted certification
between entities authority (CA)
7: Network Security 60
Key Distribution Center (KDC)
Alice,Bob need shared
symmetric key.
KDC: server shares
different secret key
with each registered
user.
Alice, Bob know own
Alice communicates with
symmetric keys, KA-KDC KDC, gets session key R1, and
KB-KDC , for KB-KDC(A,R1)
communicating with Alice sends Bob
KDC. KB-KDC(A,R1), Bob extracts R1
Alice, Bob now share the
symmetric key R1.
7: Network Security 61
Certification Authorities
Certification authority
(CA) binds public key to
particular entity.
Entity (person, router,
etc.) can register its public
key with CA.
Entity provides “proof
of identity” to CA.
CA creates certificate When Alice wants Bob’s public
binding entity to public key:
key. gets Bob’s certificate (Bob or
Certificate digitally elsewhere).
signed by CA. Apply CA’s public key to Bob’s
certificate, get Bob’s public
key
7: Network Security 62
X.509 is the standard for
certificates
The basic fields of an X.509 certificate.
7: Network Security 63
Public-Key Infrastructures
PKIs are a way to structure certificates
(a) A hierarchical PKI. (b) A chain of certificates.
7: Network Security 64
Example revisited (solved with
certificates)
Trudy presents Alice a certificate,
purporting to be Bob, but Alice is unable to
trace Trudy’s certificate back to a trusted
root
Be wary if your browser warns about certs!
7: Network Security 65
Secure
email
7: Network Security 66
Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
KS
m K (.)
S
KS(m ) KS(m )
KS( ) . m
+ Internet - KS
KS
+.
K ()
B + +
- .
KB ( )
KB(KS ) KB(KS )
+ -
KB
KB
Alice:
generates random symmetric private key, KS.
encrypts message with KS (for efficiency)
also encrypts KS with Bob’s public key.
sends both KS(m) and KB(KS) to Bob.
7: Network Security 8-
67
Secure e-mail
Alice wants to send confidential e-mail, m, to Bob.
KS
m K (.)
S
KS(m ) KS(m )
KS( ) . m
+ Internet - KS
KS
+.
K ()
B + +
- .
KB ( )
KB(KS ) KB(KS )
+ -
KB
KB
Bob:
uses his private key to decrypt and recover KS
uses KS to decrypt KS(m) to recover m
7: Network Security 8-
68
Secure e-mail (continued)
• Alice wants to provide sender authentication
message integrity.
- KA
+
KA
m .
H( )
-.
K ()
A
-
KA(H(m))
-
KA(H(m)) +
KA ( )
. H(m )
+ Internet - compare
m H( ) . H(m )
m
7; Network Security 8-
69
Pretty good privacy (PGP)
Internet e-mail encryption A PGP signed message:
scheme, a de-facto
---BEGIN PGP SIGNED MESSAGE---
standard. Hash: SHA1
Uses symmetric key
cryptography, public key Bob:My husband is out of town
tonight.Passionately yours,
cryptography, hash Alice
function, and digital
signature as described. ---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Provides secrecy, sender
Charset: noconv
authentication, integrity. yhHJRHhGJGhgg/
Inventor, Phil Zimmerman, 12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G
6m5Gw2
was target of 3-year ---END PGP SIGNATURE---
federal investigation.
7: Network Security 70
Secure
Socket layer
(SSl)
7: Network Security 71
Secure sockets layer (SSL)
7: Network Security 73
Internet Explorer: Error Message
7: Network Security 74
SSL (continued)
7: Network Security 75
SSL basics
Alice validates
RA, RB are “nonces” used with Premaster key to create session key
Bob’s key
7: Network Security 78
IPsec: Network Layer Security
Network-layer secrecy:
For both AH and ESP, source,
sending host encrypts the
data in IP datagram destination handshake:
TCP and UDP segments; create network-layer
7: Network Security 79
ESP Protocol
Provides secrecy, host ESP authentication
authentication, data field is similar to AH
integrity. authentication field.
Data, ESP trailer encrypted.
Protocol = 50.
Next header field is in ESP
trailer.
7: Network Security 80
Authentication Header (AH) Protocol
7: Network Security 81
IPsec authentication (AH)
The IPsec authentication header in
transport mode for IPv4.
7: Network Security 82
IPsec encryption (ESP)
(a) ESP in transport mode (for end-to-end IPsec).
(b) ESP in tunnel mode (used in VPNs).
7: Network Security 83
Access
Control in
the Network
7: Network Security 84
Firewalls To prevent denial of service
attacks:
firewall SYN flooding: attacker
establishes many bogus
isolates organization’s internal
TCP connections.
net from larger Internet,
Attacked host alloc’s
allowing some packets to pass,
TCP buffers for bogus
blocking others.
connections, none left
for “real” connections.
To prevent illegal modification
Two firewall types: of internal data.
e.g., attacker replaces
packet filter
CIA’s homepage with
application gateways something else
To prevent intruders from
obtaining secret info.
7: Network Security 85
Packet Filtering
Internal network is Example 1: block incoming
connected to Internet and outgoing datagrams
through a router. with IP protocol field = 17
and with either source or
Router manufacturer
dest port = 23.
provides options for All incoming and outgoing
filtering packets, based on: UDP flows and telnet
source IP address connections are blocked.
destination IP address Example 2: Block inbound
TCP/UDP source and TCP segments with ACK=0.
destination port numbers Prevents external clients
from making TCP
ICMP message type connections with internal
TCP SYN and ACK bits clients, but allows internal
clients to connect to
outside.
7: Network Security 86
Filter-based firewalls
7: Network Security 87
Proxy-Based Firewalls
Solves more complex policy problems
Example:
I want internal company to be able to access entire web
server
I want outside world only to access public pages
Remote
Web
Firewall only lets proxy
company
user server connect to web server
Random
external
user Use proxies outside firewall
7: Network Security 88
Proxy-based firewalls
Run proxies for Web, mail, etc. just outside
firewall
In the “ de-militarized zone” DMZ
External requests go to proxies, only proxies
connect inside
External user may (“classical model”) or may not
(“transparent model”) know this is happening
Proxies filter based on application semantics
7: Network Security 89
Virtual Private Networks
Using firewalls and IPsec encryption to provide a
“leased-line” like connection over the Internet
(a) A leased-line private network. (b) A virtual
private network.
7: Network Security 90
Application gateways gateway-to-remote
host telnet session
host-to-gateway
telnet session
Filters packets on
application data as well application router and filter
gateway
as on IP/TCP/UDP fields.
Example: allow select
internal users to telnet
outside.
7: Network Security 91
Limitations of firewalls and gateways
7: Network Security 92
Network Security (summary)
Basic techniques…...
cryptography (symmetric and public)
authentication
message integrity
…. used in many different security scenarios
secure email
secure transport (SSL)
IP sec
Firewalls
7: Network Security 93