
UNIT 5:- Pretty Good Privacy, IP Security

Contents
5.1 PGP (Pretty Good Privacy)
5.2 PGP Services
5.3 PGP Message Generation
5.4 PGP Message Reception
5.5 What Security Problem
5.6 Internet Threats
5.7 Understanding TCP/IP
5.8 Security at Application Layer
5.9 Security at Data Link Layer
5.10 IP Security (IPSec)
5.11 IPSec Security Services
5.12 IPSec Modes of Operation
5.13 Tunnel Mode
5.14 IPSec Security Protocols
5.15 Strong Password Protocols
5.16 Lamport Hash
5.17 Encrypted key exchange
PGP (PRETTY GOOD PRIVACY)
• Security of PGP
  - There are many known attacks against PGP.
  - Attacks against cryptographic algorithms are not the main threat.
    - IDEA is considered strong, and while cryptanalysis advances, it should remain strong for some time.
    - RSA may or may not be strong. There are recent rumors of possible fast factorization algorithms.
  - The main threats are much simpler.
    - An attacker may socially engineer himself into a web of trust, or a trusted person may change. He could then falsify public keys. This breaks most of the security.
    - PGP binaries can be corrupted when they are obtained.
    - The PGP binaries can be modified on the computer.
    - The passphrase can be obtained by a Trojan. Weak passphrases can be cracked.
    - On a multiuser system, access to the secret key can be obtained.
PGP SERVICES

• Digital signature (DSS/SHA or RSA/SHA): A hash code of a message is created using SHA-1. This message digest is encrypted using DSS or RSA with the sender's private key and included with the message.
• Message encryption (CAST or IDEA or Three-key Triple DES with Diffie-Hellman or RSA): A message is encrypted using CAST-128 or IDEA or 3DES with a one-time session key generated by the sender. The session key is encrypted using Diffie-Hellman or RSA with the recipient's public key and included with the message.
PGP (PRETTY GOOD PRIVACY)

• PGP uses:
  - public keys for encrypting session keys and verifying signatures.
  - private keys for decrypting session keys and creating signatures.
PGP
• Alice wants to send confidential e-mail, m, to Bob.

[Figure: Alice encrypts m with a session key KS to produce KS(m), and encrypts KS with Bob's public key KB+ to produce KB+(KS). Both are sent over the Internet. Bob applies his private key KB- to recover KS, then uses KS to recover m.]

Bob:
• uses his private key to decrypt and recover KS
• uses KS to decrypt KS(m) to recover m
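PGP

• Alice wants to provide sender authentication and message integrity.

[Figure: Alice computes the hash H(m) and signs it with her private key KA- to produce KA-(H(m)). She sends m together with KA-(H(m)) over the Internet. Bob applies Alice's public key KA+ to the signature to recover H(m), computes H(m) from the received m, and compares the two values.]

• Alice digitally signs message.
• sends both message (in the clear) and digital signature.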
PGP (PRETTY GOOD PRIVACY)

• PGP is an e-mail security program written by Phil Zimmermann. It is based on the IDEA algorithm for encryption of plaintext and uses the RSA public-key algorithm for encryption of the private key.
• PGP incorporates tools for developing a public-key trust model and public-key certificate management.
PGP (PRETTY GOOD PRIVACY)

• PGP is an open-source, freely available software package for e-mail security. It provides authentication; confidentiality; compression; e-mail compatibility; and segmentation and reassembly.
PGP (PRETTY GOOD PRIVACY)

• Compression (ZIP): A message may be compressed, for storage or transmission, using ZIP.
• Email compatibility (Radix 64 conversion): To provide transparency for email applications, an encrypted message may be converted to an ASCII string using radix 64 conversion.
• Segmentation: To accommodate maximum message size limitations, PGP performs segmentation and reassembly.
PGP (PRETTY GOOD PRIVACY)

• PGP Algorithms
  - Symmetric encryption: DES, 3DES, AES and others.
  - Public key encryption of session keys: RSA or ElGamal.
  - Hashing: SHA-1, MD-5 and others.
  - Signature: RSA, DSS, ECDSA and others.
PGP

Alice wants to send confidential e-mail, m, to Bob.

[Figure: confidential e-mail from Alice to Bob using session key KS, Bob's public key KB+ and Bob's private key KB-.]

Alice:
• generates random symmetric private key, KS.
• encrypts message with KS (for efficiency).
• also encrypts KS with Bob's public key.
• sends both KS(m) and KB(KS) to Bob.
PGP MESSAGE GENERATION
PGP MESSAGE RECEPTION
WHAT SECURITY PROBLEM?

Today's Internet is primarily comprised of:

• Public
• Un-trusted
• Unreliable IP networks

Because of this inherent lack of security, the Internet is subject to various types of threats…
INTERNET THREATS

• Data integrity: The contents of a packet can be accidentally or deliberately modified.
• Identity spoofing: The origin of an IP packet can be forged.
• Replay attacks: Unauthorized data can be retransmitted.
• Loss of privacy: The contents of a packet can be examined in transit.
UNDERSTANDING TCP/IP

OSI Reference Model and the corresponding TCP/IP components:

• Application Layer, Presentation Layer, Session Layer: Application (SNMP, SMTP, HTTP, DNS, NFS, FTP)
• Transport Layer: TCP, UDP
• Network Layer: IP
• Logical Link Layer: Device Driver
• Physical Layer: Network Adapter


UNDERSTANDING TCP/IP

Encapsulation of Data for Network Delivery

• Application Layer: Original Message
• Transport Layer (TCP, UDP): Header 3 + Data 3
• Network Layer (IP): Header 2 + Data 2
• Data Link Layer: Header 1 + Data 1
SECURITY AT WHAT LEVEL?

• Application Layer: PGP, Kerberos, SSH, etc.
• Transport Layer: Transport Layer Security (TLS)
• Network Layer: IP Security
• Data Link Layer: Hardware encryption


SECURITY AT APPLICATION LAYER

(PGP, Kerberos, SSH, etc.)

• Implemented in end-hosts
• Advantages
  - Extend application without involving operating system.
  - Application can understand the data and can provide the appropriate security.
• Disadvantages
  - Security mechanisms have to be designed independently of each application.
SECURITY AT TRANSPORT LAYER

Transport Layer Security (TLS)

• Implemented in end-hosts
• Advantages
  - Existing applications get security seamlessly
• Disadvantages
  - Protocol specific
SECURITY AT NETWORK LAYER

IP Security (IPSec)

• Advantages
  - Provides seamless security to application and transport layers (ULPs).
  - Allows per-flow or per-connection security and thus allows for very fine-grained security control.
• Disadvantages
  - More difficult to exercise on a per-user basis on a multi-user machine.
SECURITY AT DATA LINK LAYER

(Hardware encryption)

• Need a dedicated link between host/routers.
• Advantages
  - Speed.
• Disadvantages
  - Not scalable.
  - Need dedicated links.
IP SECURITY (IPSEC)

• IPSec is a framework of open standards developed by the Internet Engineering Task Force (IETF).
• Creates secure, authenticated, reliable communications over IP networks.
IPSEC SECURITY SERVICES

• Connectionless integrity: Assurance that received traffic has not been modified. Integrity includes anti-replay defenses.
• Data origin authentication: Assurance that traffic is sent by legitimate party or parties.
• Confidentiality (encryption): Assurance that user's traffic is not examined by non-authorized parties.
• Access control: Prevention of unauthorized use of a resource.
IPSEC MODES OF OPERATION

• Transport Mode: protect the upper layer protocols
  - Original IP datagram: IP Header | TCP Header | Data
  - Transport mode protected packet: IP Header | IPSec Header | TCP Header | Data (protected: TCP Header and Data)
• Tunnel Mode: protect the entire IP payload
  - Tunnel mode protected packet: New IP Header | IPSec Header | Original IP Header | TCP Header | Data (protected: Original IP Header, TCP Header and Data)
TUNNEL MODE

• Host-to-Network, Network-to-Network

[Figure: Host A and Host B each have Application, Transport and IP layers. Each host sits behind a security gateway (SG) that runs IPSec at its IP layer, and the data is protected between the two gateways across the Internet.]

SG = Security Gateway
TRANSPORT MODE

• Host-to-Host

[Figure: Host A and Host B each have Application, Transport, IP and Data Link layers, with IPSec in the IP layer of both hosts.]
IPSEC SECURITY PROTOCOLS

• Authentication Header (AH) provides:
  - Connectionless integrity
  - Data origin authentication
  - Protection against replay attacks
• Encapsulating Security Payload (ESP) provides:
  - Confidentiality (encryption)
  - Connectionless integrity
  - Data origin authentication
  - Protection against replay attacks
• Both protocols may be used alone or applied in combination with each other.
STRONG PASSWORD PROTOCOLS

• Password authentication over a network
  - Transmit password in the clear.
    - Open to password sniffing.
    - Open to impersonation of server.
  - Do Diffie-Hellman exchange to establish a secure key and an encrypted tunnel.
    - Open to impersonation of server.
  - Establish an SSL connection. Use trust anchors for mutual authentication of machines.
    - Security depends on the security of the trust anchors.
STRONG PASSWORD PROTOCOLS

• Password authentication over a network
  - Use a one-time password
    - Lamport Hash
    - S/Key
  - Use a strong password protocol
    - Secure from dictionary attacks by impersonator or eavesdropper.
    - Secure against impersonator on either side.
LAMPORT HASH

• Bob stores
  - Username Alice
  - int n
  - h^n(password), where h is a one-way function
• Password generation:
  - Alice chooses a password.
  - Alice calculates h^m(password) and sends it to Bob.
  - Bob initializes the database entry.
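LAMPORT HASH

• Protocol:
  - Alice gives her name and password to her workstation.
  - Alice's workstation to Bob: Alice
  - Bob to Alice's workstation: n
  - Alice's workstation to Bob: h^(n-1)(pwd)

Bob checks:
Is h(Alice's answer) = h^n(password)?
If yes, authenticate.
Then replace n with n-1 and store h^(n-1)(password).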
LAMPORT'S HASH

• Alice's workstation needs to regenerate the scheme with a new password whenever n counts down to 1.
• There is no mutual authentication.
• Vulnerable to the "small n" attack.
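
The Lamport hash exchange from the slides above, as an added example that is not part of the original deck. SHA-256 as h, the class and function names, and the workstation's check that n matches the value it expects are assumptions of this example.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """One-way function h; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def h_iter(password: bytes, times: int) -> bytes:
    """Compute h^times(password) by repeated hashing."""
    value = password
    for _ in range(times):
        value = h(value)
    return value


class Bob:
    """Server side: stores only the username, n and h^n(password)."""

    def __init__(self):
        self.db = {}

    def enroll(self, user: str, n: int, hn: bytes) -> None:
        self.db[user] = (n, hn)

    def challenge(self, user: str) -> int:
        return self.db[user][0]  # Bob sends the current n

    def verify(self, user: str, answer: bytes) -> bool:
        n, stored = self.db[user]
        # At n == 1 the only valid answer would be the password itself,
        # so the chain is spent and Alice must enroll a new password.
        if n <= 1 or not hmac.compare_digest(h(answer), stored):
            return False
        self.db[user] = (n - 1, answer)  # now holds n-1 and h^(n-1)(password)
        return True


def alice_answer(password: bytes, n: int, expected_n: int) -> bytes:
    """Workstation side: return h^(n-1)(password) for Bob's challenge n.

    Refusing an n other than the one the workstation expects is an added
    safeguard against a forged small n (assumption, not from the slides).
    """
    if n < 2 or n != expected_n:
        raise ValueError("unexpected challenge n")
    return h_iter(password, n - 1)
```

Because Bob replaces the stored value after every success, a captured answer fails when replayed: hashing it once no longer matches the stored entry.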


ENCRYPTED KEY EXCHANGE

• Alice has a "weak" password pswd.
• Bob stores a hash W = h(pswd) of the password.
• Alice's workstation knows how to calculate W on the fly, once Alice types in her password.
• Use W in a way that does not give any hints on W.
ENCRYPTED KEY EXCHANGE

Alice and Bob share a weak secret W = h(password).

• Alice chooses a random number a. She sends: Alice, W{g^a}
• Bob chooses a random b and a challenge C1. He sends: W{g^b, C1}

Both Bob and Alice use their knowledge of W to encrypt their mutual messages. They both calculate K = g^(ab).

Alice then proves her knowledge of W by her ability to calculate K. She also picks a challenge C2 and sends K{C1, C2} to Bob.

Bob encrypts this message and finds that Alice has solved his challenge C1. Finally, Bob authenticates himself to Alice. He proves his knowledge of W by his knowledge of K, which he proves by being able to correctly encrypt Alice's challenge C2. He sends
ENCRYPTED KEY EXCHANGE

EKE: Diffie-Hellman exchange with encryption.

• W: hash of password. (Bob stores it, Alice can recalculate it.)
• p: modulus. All calculations are based on it.

Alice: "Alice", E_W(g^a)
Bob: E_W(g^b), Challenge C_Bob
At this point, both Alice and Bob calculate K = g^(ab)
Alice: E_K(C_Alice, C_Bob)
Bob: E_K(C_Alice)
EKE: ENCRYPTED KEY EXCHANGE
• Secure against eavesdropper because all data are indistinguishable from random numbers. Eavesdropper cannot decide whether the g^a, g^b are the correct decryption.
• Secure against impersonation:
  - If treacherous Trudy impersonates Bob, she guesses a single value W in the first exchange.
SPEKE: SIMPLE PASSWORD EXPONENTIAL KEY EXCHANGE

• Use W in place of g in the Diffie-Hellman exchange.

Alice: "Alice", W^a
Bob: W^b, Challenge C_Bob
At this point, both Alice and Bob calculate K = W^(ab)
Alice: E_K(C_Alice, C_Bob)
Bob: E_K(C_Alice)
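
The SPEKE message flow above, as an added example that is not part of the original deck: W is derived from the password and used as the Diffie-Hellman base, and both sides confirm K. Assumptions of this example: SHAKE-256 plus squaring to derive W, the RFC 2409 Oakley Group 2 prime as p, HMAC-SHA-256 tags standing in for the E_K(...) messages, and all function names.

```python
import hashlib
import hmac
import secrets

# 1024-bit safe prime p = 2q + 1 (RFC 2409 Oakley Group 2), for demonstration.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
Q = (P - 1) // 2

def password_to_w(password: bytes) -> int:
    """W = h(password), squared so that it lies in the order-q subgroup."""
    digest = hashlib.shake_256(password).digest(128)
    return pow(int.from_bytes(digest, "big") % P, 2, P)

def keypair(w: int):
    """Pick a random exponent x and return (x, W^x mod p)."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(w, x, P)

def session_key(peer_value: int, x: int) -> bytes:
    """K = (peer value)^x mod p, hashed down to a 32-byte key."""
    if not 2 <= peer_value <= P - 2:  # reject 0, 1 and p-1
        raise ValueError("degenerate public value")
    return hashlib.sha256(pow(peer_value, x, P).to_bytes(128, "big")).digest()

def tag(key: bytes, who: bytes, *challenges: bytes) -> bytes:
    """HMAC stand-in for E_K(...); the challenges then travel in the clear."""
    return hmac.new(key, who + b"".join(challenges), hashlib.sha256).digest()

def speke_login(alice_pw: bytes, bob_pw: bytes) -> bool:
    """Run the four messages; True only if both sides confirm the same K."""
    a, w_a = keypair(password_to_w(alice_pw))   # Alice -> Bob: "Alice", W^a
    b, w_b = keypair(password_to_w(bob_pw))     # Bob -> Alice: W^b, C_Bob
    c_bob, c_alice = secrets.token_bytes(16), secrets.token_bytes(16)
    k_alice, k_bob = session_key(w_b, a), session_key(w_a, b)
    msg3 = tag(k_alice, b"A", c_alice, c_bob)   # Alice -> Bob
    if not hmac.compare_digest(msg3, tag(k_bob, b"A", c_alice, c_bob)):
        return False                            # Bob rejects Alice
    msg4 = tag(k_bob, b"B", c_alice)            # Bob -> Alice
    return hmac.compare_digest(msg4, tag(k_alice, b"B", c_alice))
```

When the two sides start from different passwords they exponentiate different bases, so their keys differ and the first confirmation tag fails.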
STRONG PASSWORDS: EKE

• A bad implementation of EKE allows an eavesdropper to exclude passwords.
  - Assume that we calculate in the field of numbers modulo p, p a prime.
  - Then g^a and g^b are both m-bit numbers smaller than p.
  - Attacker maintains a dictionary of possible passwords and observes many authentication rounds.
  - If W is in the dictionary, he encrypts Alice's round 1 message M. If W^-1{M} > p, then attacker excludes W.
  - Chance of excluding a false password W is (2^m - p) / p.
  - If this chance is about 80%, then 50 rounds determine the password out of a normal dictionary.
CONCLUSION

Mentioned at the end of the chapter are the companions to network security: the virus, malware, and intrusion detection tools. These tools are used by the network administration to prevent, detect, and respond to attacks by malware, viruses, and other intrusions. Malware and viruses, when introduced to internal systems, are beyond the detection and protection of firewalls, so they are much more dangerous to network integrity. These problems are detected by packet monitoring systems that can detect the signatures of known intrusions. UALR, for example, will 'quarantine' systems that generate packets containing known problem signatures, thus preventing the spread of problems from an infected host.
