Network Security 1 Network security Foundations: what is security? cryptography authentication ...
-
Upload
kelley-mason -
Category
Documents
-
view
226 -
download
5
Transcript of Network Security 1 Network security Foundations: what is security? cryptography authentication ...
Network Security 1
Network security
Foundations: what is security? cryptography authentication message integrity key distribution and certification
Security in practice: application layer: secure e-mail transport layer: Internet commerce, SSL, SET network layer: IP security
Network Security 2
Network SecurityNetwork Entities: Friends and EnemiesNetwork Entities: Friends and Enemies
Routers – exchange tables
Email applications – exchange secure emails
Client-server – establish secure transport connection
well-known in network security world Bob, Alice want to communicate 'securely' Trudy, the intruder may intercept, delete, add
messages
Insecure medium
Network Security 3
What is network security?
Secrecy:Secrecy: only sender, intended receiver should understand message contents sender encrypts messages receiver decrypts messages
Authentication:Authentication: sender, receiver want to confirm identity of each other
Message Integrity:Message Integrity: sender, receiver want to be sure message did not get altered (in transit), or get altered without detection
1
2
3
DESIRABLE PROPERTIES OF SECURE CONNECTION
Network Security 4
What is network security?
Availability and Access Control:Availability and Access Control: communication can occur in the first
place Prevent Denial-of-Service attacks (DoS)
ensures network entities can gain access to resources if they have access rights and perform accesses in a well-defined manner Firewall – controls access to and from the
network by regulating which packet can pass into and out of the network
4
DESIRABLE PROPERTIES OF SECURE CONNECTION
Network Security 5
Network Security
Protect: network communication and network resources
Detect: breaches of secure communication & attacks on infrastructure
Respond: deployment of additional
protection mechanisms
1
2
3
CYCLE IN ACHIEVING NETWORK SECURITY
Network Security 6
Internet security threats
Packet sniffing: broadcast media (remember CSMA/CD protocol) promiscuous NIC reads all packets passing by can read all unencrypted data (e.g. passwords) e.g.: C sniffs B's packets
A
B
C
src:B dest:A payload
Sniffer – tool for capturing packets sent across wire/air
e.g. TCPDump, Snoop, Snort, Ethereal
Network Security 7
Let’s see a sample capture file from
Ethereal
EtherealEtherealAn adapter could be set to listen in promiscuous modepromiscuous mode.
Network Security 8
Internet security threats
IP Spoofing: can generate raw IP packets directly from
application, putting any value into IP source address field
receiver can't tell if source is spoofed e.g.: C pretends to be B
A
B
C
src:B dest:A payload
Spoofing:Spoofing: providing false information about your identity in order to providing false information about your identity in order to gain unauthorized access to systemsgain unauthorized access to systems
Network Security 9
Internet security threats
Denial of service (DOS): flood of maliciously generated packets
swamp receiver Distributed DOS (DDOS): multiple
coordinated sources swamp receiver e.g., C and remote host SYN-attack A
A
B
C
SYN
SYNSYNSYN
SYN
SYN
SYN
Attack: to reduce ability to service clients by overloading target
Network Security 10
DoSDoS
• While the host is waiting for so many replies, it cannot accept any legitimate requests, so it becomes unavailable
• Attacker sends thousands and thousands of SYN packets to the victim
• Victim is forced to wait for replies that would never come.
Exploits basic weakness of TCP/IP Protocol
RecallRecallRecallRecall
Network Security 11
The language of cryptography
symmetric key crypto: sender, receiver keys identical
public-key crypto: encrypt key public, decrypt key secret
Figure 7.3 goes here
plaintext plaintext
ciphertext
KA
KB
Network Security 12
CryptographyFrom Alice to Bob: (SENDER)
Encryption Algorithm
Symmetric key systems: KA=KB, kept secret
Key: KA
Plaintext Message: m
Ciphertext: KA(m)
Bob’s side: (RECEIVER)
Decryption Algorithm
Encrypted Message: KA
key: KB
Plaintext: m
Public key systems: 1 key: known to the world other key: known only by Alice or Bob (but not both)
KB(KA(m))
Network Security 13
Monoalphabetic CipherSubstitution of letters without any regular pattern
Any letter can be substituted with any other letter, as long as each letter has a unique substitute letter, and vice-versa
Better than Ceasar’s cipher (shift cipher) in that there are 26! (on the order of 1026) Possible pairings of letters
plaintext: abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
Plaintext: bob. i love you. aliceciphertext: nkn. s gktc wky. mgsbc
E.g.:
Q: How hard to break this simple cipher?:
Network Security 14
Monoalphabetic CipherSubstitution of letters without any regular pattern
“e” and “t” are the most frequently occurring letters in English
Two- and three-letter occurrences of letters appear quite often together(e.g. “in”, “it”, “the”, “ion”, “ing”, etc.)
Any letter can be substituted with any other letter, as long as each letter has a unique substitute letter, and vice-versa
13% of letter
occurrences
9% of letter occurrences
If intruder has some knowledge about possible contents of the message, code is even easier to break
Network Security 15
Symmetric key crypto: DESSymmetric key crypto: DES
DES: Data Encryption StandardDES: Data Encryption Standard US encryption standard [NBS 1977, NIST 1993]
Designed by IBM; adopted by the U.S. Government for non-military and non-classified use
56-bit56-bit symmetric keysymmetric key, 64-bit 64-bit plain text inputplain text input
GOAL:
Completely scramble data and key so that every bit of ciphertext Completely scramble data and key so that every bit of ciphertext depends on every bit of data and every bit of the key.. With a depends on every bit of data and every bit of the key.. With a good algorithm, good algorithm, there should be no correlation between the there should be no correlation between the ciphertext and either the original data or keyciphertext and either the original data or key..
Network Security 16
Symmetric key Symmetric key crypto: DEScrypto: DES
initial permutation
16 identical 'rounds' of function application, each using different 48 bits of key
final permutation
DES operation
For encrypting longer messages: use cipher-block chaining
• involve multiple rounds• block cipher - plaintext is divided into blocks and use the same key to encrypt and decrypt the blocks
Network Security 17
Symmetric key crypto: DESSymmetric key crypto: DES How secure is DESDES?
’97 DES Challenge: 56-bit-key-encrypted phrase: ('Strong cryptography makes the world a safer place') decrypted (brute force) in 4 months
• After testing a quarter of the key space: 18 quadrillion keys
no known backdoor decryption approach
making DESDES more secure use three keys sequentially (3-DES) on each datum
Successor to DES: (2001) AES: Advanced AES: Advanced Encryption Standard Encryption Standard 128-bit block data processing; keys: 128,192,256 bits long A machine that could crack 56-bit56-bit DESDES in one sec. (i.e. 255
per second) would approx. take 149149 trillion years to crack a 128-bit128-bit AESAES key
Network Security 18
Public Key Cryptography
symmetricsymmetric key key cryptocrypto
requires sender, receiver know shared secret keyshared secret key
Q: how to agree on key in first place (particularly if never met)?
Typical problem in the Internet
publicpublic key key cryptographycryptography
radically different approach [Diffie-Hellman76, RSA78]
sender, receiver dodo notnot share a secret share a secret keykey
encryption key public (known to all)
decryption key private (known only to receiver)
Is it possible to communicate with encryption without having a shared secret key known in advance?
Network Security 19
Public key cryptographyPublic key cryptography
Figure 7.7 goes here
Network Security 20
Public key encryption Public key encryption algorithmsalgorithms
need d ( ) and e ( ) such that
d (e (m)) = m BB
B B. .
need public and private keysfor d ( ) and e ( ). .
BB
Two inter-related requirements:
1
2
RSA: RSA: RRivest, SShamir, AAdleman algorithm
Network Security 21
RSA: Choosing keysRSA: Choosing keys
1. Choose two large prime numbers p, q. (e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e < n) that has no common factors with z. (e, z are 'relatively prime').
4. Choose d such that ed-1 is exactly divisible by z. (in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
In mathematics, a prime number (or a prime) is a natural number that has exactly two (distinct) natural number divisors,
which are 1 and the prime number itself. The first 30 prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, and 113
Network Security 22
Magichappens!
RSA: Encryption, RSA: Encryption, decryptiondecryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
c = m mod n
e (i.e., remainder when m is divided by n)e
2. To decrypt received bit pattern, c, compute
m = c mod n
d (i.e., remainder when c is divided by n)d
m = (m mod n)
e mod n
d
Network Security 23
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.e=5 (so e, z relatively prime).d=29 (so ed-1 exactly divisible by z.
letter m me c = m mod ne
l 12 248832 17
c m = c mod nd
17
481968572106750915091411825223072000 - too big !! (int type)
12cd letter
l
encrypt:encrypt:
decrypt:decrypt:
cd =
Network Security 24
RSA:how strong is it??
RSA Challenges: Prize offered to anyone who can break an RSA key of a
certain size (See www.rsasecurity.com/rsalabs ) US$200,000.00 for whoever solves a 2048 bits US$200,000.00 for whoever solves a 2048 bits
factorization problem. No one claimed the prize so factorization problem. No one claimed the prize so far...far...
Last challenge solved: RSA-576 $10,000 Factored in 2003 by J. Franke et al. Using a powerful parallel machine and very clever
algorithms Currently RSA-1024 is commonly used in practiceCurrently RSA-1024 is commonly used in practice RSA key's size matters, see next...
Network Security 25
AuthenticationProcess of proving one’s identity to someone else over a network
Let’s see stepwise evolution of a design of an authentication protocol (ap)
“live” party (often routers, client-server processes) Cannot rely on biometric information Must be done solely on the basis of messages and
data exchanged Must be performed before other protocols:
E.g. Reliable data transfer protocol Routing information exchange protocol E-mail protocol
Next
Network Security 26
Authentication
Goal: Bob wants Alice to prove her identity to him
Protocol ap1.0: Alice says ''I am Alice''
Failure scenario??
Network Security 27
Authentication: using IP
Protocol ap2.0: Alice says ''I am Alice'' and sends her IP address along to prove it.
Failure scenario??
Create an Operating system kernel that sends an IP datagram using
Alice’s IP address
Not unless first-hop router of Trudy would prevent it
Network Security 28
Authentication: Secret Password
Protocol ap3.0: Alice says ''I am Alice'' and sends her secret password to prove it.
Failure scenario?
Passwords are sent as cleartext for some applications (e.g. Telnet). Within the same LAN, it can be sniffed
WireShark
Network Security 29
Authentication: Encrypted Secret Password
Protocol ap3.1: Alice says ''I am Alice'' and sends her encrypted secret password to prove it.
Failure scenario?I am Alice
encrypt(password)
Playback attack: record encrypted password, playback encrypted password version to Bob to pretend that she is Alice
*Password is not learned by Trudy
Pitfall: same password is used over and over again.
Assumption: Symmetric key cryptography is employed Shared Secret key
Network Security 30
Playback AttackHow to solve it?
Use a different password each time
Failure Scenario:
• use a sequence of passwords or password generator (could be a numbernumber)
Bob cannot distinguish between the original authentication and its playback version
• apply encryption algorithm to each password
Countermeasures:
Bob knows: Alice is indeed sending the datagram, because she knows the secret encryption keysecret encryption key, and she is sending it “live” because she is using the numbernumber recently generated by Bob.
Network Security 31
Authentication: Sequence of Encrypted Secret Passwords
Goal: avoid playback attack
Failures, drawbacks?
Figure 7.11 goes here
Nonce: number (R) used only once in a lifetime
ap4.0: to prove Alice is live, Bob sends Alice nonce, R. Alice
must return R, encrypted with shared secret key
Nonce + Symmetric key Cryptography (Shared Secret Key)
We have a solution! Bob knows: Alice is indeed sending the datagram, because she knows the secret encryption key, and she is sending it “live”
Network Security 32
Figure 7.12 goes here
Authentication: ap5.0
ap4.0 requires shared symmetric key– problem: how do Bob, Alice agree on key
– can we authenticate using public key techniques?
Eventually, Alice & Bob may find together that someone else was interacting with Bob.
Problem: Trudy may be able to impersonate Alice
Trudy
*Note: eA(dA(R)) = dA(eA(R)) = R
Ap5.0: Nonce + Public key cryptography
Network Security 33
Figure 7.14 goes here
ap5.0: security hole
Man (woman)-in-the-middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
Need 'certified' public keys (more later …)
Alice & Bob may never know that Trudy was there all along.
Alice is happy to receive encrypted message using her own public key
Bob is happy to send encrypted data
Network Security 34
Digital Signatures
Cryptographic technique analogous to hand-written signatures.
Sender (Bob) digitally signs document, establishing he is document owner/creator.
Verifiable, non-forgeable, non-repudiable: recipient (Alice) can verify that Bob, and no one else, signed document.
Simple digital signature for message m:
Bob encrypts m with his private key ddBB, creating signed message, ddBB(m)(m).
Bob sends mm and ddBB(m)(m) to Alice.
Network Security 35
Digital Signatures (more)
Suppose Alice receives msg mm, and digital signature ddBB((mm))
Alice verifies mm signed by Bob by applying Bob’s public key eeBB to ddBB((mm)) then checks eeBB((ddBB((mm) ) )) = mm.
If eeBB((ddBB((mm)) )) = mm, whoever signed mm must have used Bob's private key.
Alice thus verifies that: Bob signed mm. No one else signed mm. Bob signed mm and not
m’m’..
Non-repudiation: Alice can take mm, and
signature ddBB((mm)) to court and prove that Bob signed mm.
Network Security 36
Message Digests
It is computationally expensive to public-key-encrypt long messages.
Goal: fixed-length,easy to compute digital signature, 'fingerprintfingerprint'
apply hash function H to m, get fixed size message digest, H(m)H(m).
Hash function properties: Many-to-1 Produces fixed-size msg digest
(fingerprint)
NON-FORGEABILITY REQUIREMENT Given message digest xx,
computationally infeasible to find mm such that x = H(m)x = H(m)
computationally infeasible to find any two messages mm and m'm' such that
H(m) = H(H(m) = H(m'm')).
Network Security 37
Digital signature = Signed message digest
Bob sends digitally signed message:
Alice verifies signature and integrity of digitally signed message:
Network Security 38
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
produces fixed-length digest (16-bit sum) of message
is many-to-oneBut given message with given hash value, it is easy to
find another message with same hash value:
I O U 10 0 . 99 B O B
49 4F 55 3130 30 2E 3939 42 4F 42
message ASCII format
B2 C1 D2 AC
I O U 90 0 . 19 B O B
49 4F 55 3930 30 2E 3139 42 4F 42
message ASCII format
B2 C1 D2 ACdifferent messagesbut identical checksums!
Network Security 39
Hash Function Algorithms
Internet checksum would make a poor message digest. Too easy to find
two messages with same checksum.
Even using a 128-bit CRC it would be easy to find a second message to fit to the CRC
MD5 hash function widely used (RFC1321 with code). Computes 128-bit
message digest in 4-step process.
For any arbitrary 128-bit message digest x, it appears difficult to construct msg m whose MD5 hash is equal to x.
SHA-1 is also used. US federal standard 160-bit message digest
Network Security 40
Hash Function Algorithms MD5
Try the freeware WinMD5Free.exe MD5 is a very reliable way to fingerprint a file From rfc1321 (with code): ...”The MD5 algorithm]
takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given pre-specified target message digest.
Difficulty of coming up with any two messages with same message digests: order of
264 operations.
Given a message digest, the difficulty of coming up with any message with the same
message digest is in the order of 2128 operations.
Network Security 41
Trusted IntermediariesTrusted Intermediaries
Problem: How do two entities two entities
establish shared shared secret key secret key over network?
Solution: trusted key
distribution centre (KDC) acting as intermediary between entities
Problem: When Alice obtains
Bob's public key (from web site, e-mail, diskette), how does she know it is Bob's Bob's public keypublic key, not Trudy's?
Solution: trusted certification
authority (CA)
Network Security 42
Kerberos• Authentication service developed at MIT (RFC 1510)
Authentication Server (AS)
Plays the role of the KDC
Repository of secret keys of all users
• Uses symmetric key encryption & key distribution center
• Variations & extensions to KDC
Repository of users’ access privileges indicating which service the user has access to, and on which network servers
Network Security 43
Key Distribution Center (KDC)
Alice,Bob need shared symmetric key.
KDC: server shares different secret key with each registered user.
Alice, Bob know their own symmetric keys, KA-KDC KB-KDC , for communicating with KDC.
Alice communicates with KDC, gets session key R1, and KB-
KDC(A,R1)
Alice sends Bob KB-KDC(A,R1), Bob extracts R1
Alice, Bob now share the symmetric key R1.
KDC uses the appropriate private user secret key to communicate with them.
Bob : a Server to which Alice: a user
How can Alice & Bob get a shared symmetric key in a secured way?+ expiration time+ expiration time
+ R1-encrypted time-+ R1-encrypted time-stamp (nonce)stamp (nonce)
Network Security 45
Certification Authorities
Certification authority (CA) binds public key to particular entity.
Entity (person, router, etc.) can register its public key with CA. Entity provides proof
of identity to CA. CA creates certificate
binding entity to public key.
Certificate digitally signed by CA.
When Alice wants Bob's public key:
gets Bob's certificate (from Bob or elsewhere).
Apply CA's public key to Bob's certificate, get Bob's public key
Network Security 46
Certificate SampleCertificate Sample
Network Security 48
END OF SESSION
Network Security 49
FirewallUses a combination of hardware and software components
isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others.
gateway-to-remote host telnet session
applicationgateway
router and filter
X
Network Security 50
Firewall
Two firewall types: packet filter packet filter (network
layer) application gateways application gateways
(application layer)
To prevent denial of service attacks: SYN flooding: attacker
establishes many bogus TCP connections. Consequence of Attacks: host allocates TCP buffers for bogus connections, none left for real connections.
To prevent illegal modification of internal data. e.g., attacker replaces
CIA's homepage with something else
To prevent intruders from obtaining secret info.
Network Security 51
The Internet access relies on a particular Router
The router can filter packets based on:
IP addresses Domain names Port numbers Protocol types TCP SYN and ACK bits on a TCP packet
PACKET FILTERING
Coarse-grain filtering on IP and TCP/UDP headers
Operates at the Network Layer
Operates by sequentially checking filtering rules against the datagram being inspected; the first rule matching the datagram determines the action taken
Network Security 52
PACKET FILTERING Alice administers a company network 222.22.0.0/16222.22.0.0/16 and, in general, wants
to disallow access to her network from the public internet (R3R3). However, Alice collaborates with Bob and his colleagues who are at network 111.11/16111.11/16. Alice wants to let users from Bob’s network access a specific subnet, 222.22.22/24222.22.22/24 within her company’s network (R1). The problem is that Trudy belongs to Bob’s network, with subnet 111.11.11/24111.11.11/24. Therefore, Alice doesn’t want any traffic from 11.11.11/2411.11.11/24 entering anywhere into her network (R2R2).
SOURCE
IP
DEST
IP
Desired Action
Comments
R1 111.11/16 222.22.22/24 Permit Let datagram from Bob’s university into a restricted
subnet.
R2 111.11.11/24 222.22/16 Deny Don’t let traffic from Trudy’s subnet into
anywhere within Alice’s network
R3 0.0.0.0/0 0.0.0.0/0 Deny Don’t let traffic into Alice’s network
Packet filtering rules (ordering of evaluation is important!)
Network Security 53
PACKET FILTERING Specifying filtering rules
SOURCE
IP
DEST
IP
Desired Action
R2,R1,R3 R1,R2,R3
P1 111.11.11.1 222.22.6.6 Deny
P2 111.11.11.1 222.22.22.2 Deny
P3 111.11.6.6 222.22.22.2 Permit
P4 111.11.6.6 222.22.6.6 Deny
SOURCE
IP
DEST
IP
Desired Action
Comments
R1 111.11/16 222.22.22/24 Permit Let datagram from Bob’s university into a restricted
subnet.
R2 111.11.11/24 222.22/16 Deny Don’t let traffic from Trudy’s subnet into
anywhere within Alice’s network
R3 0.0.0.0/0 0.0.0.0/0 Deny Don’t let traffic into Alice’s network
Network Security 54
PACKET FILTERING Operates at the Network Layer
SOURCE
IP
DEST
IP
Desired Action
R2,R1,R3
R1,R2,R3
P1 111.11.11.1 222.22.6.6 Deny Deny(R2) Deny(R2)
P2 111.11.11.1 222.22.22.2 Deny Deny(R2) Permit(R1)
P3 111.11.6.6 222.22.22.2 Permit Permit(R1)
Permit(R1)
P4 111.11.6.6 222.22.6.6 Deny Deny(R3) Deny(R3)
Applying more specific rules first does not always avoid unanticipated or unwanted behaviour arising from ordering issues
Network Security 55
Example 3: block 'ping' In order to avoid
external users to find suitable IP addresses to attack.
Example 4: Block domain names
that are known to be dangerous to users or inadequate for the scope of the institution.
Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.
• All incoming and outgoing UDP flows and telnet connections are blocked.
Example 2: Block inbound TCP segments with ACK=0.
• Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.
PACKET FILTERING
Network Security 56
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
APPLICATION GATEWAYS Application specific server through
which all application data must pass
Multiple application gateways on the same host
e.g. Telnet, HTTP, FTP, mail server, Web Cache
Make policy decisions based on application data
Packet Filter + Application Gateway
e.g. Force all outbound Telnet connections to pass through the application gateway
Each Gateway = separate server with own processes
Network Security 57
Filters packets on application data as well as on IP/TCP/UDP fields.
Example: Allow only selected internal users to telnet outside.
host-to-gatewaytelnet session
gateway-to-remote host telnet session
applicationgateway
router and filter
1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet
connection to dest host. Gateway relays data between 2 connections
3. Router filter blocks all telnet connections not originating from gateway.
APPLICATION GATEWAYS
Network Security 58
Limitations of firewalls and gateways
IP spoofing: router can't know if data really comes from claimed source
Multiple applications need special treatment; each with its own gateway.
Client software must know how to contact gateway. e.g., must set IP address
of proxy in Web browser
Filters often use all or nothing policy for UDP.
Trade off: degree of communication with outside world, level of security
Many highly protected sites still suffer from attacks.
Does not protect against the enemy from within.
Network Security 59
Snort® Snort®
Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.
Network Security 60
Secure e-mailSecure e-mailDesirable Security Features
Let’s see stepwise evolution of a design of a Secure E-mail
Confidentiality Sender authentication
“I don’t love you anymore. I never want to see you again. Formerly yours, Alice”
Message Integrity Receiver Authentication
Tools: symmetric key & public key cryptography Authentication Key Distribution Message Integrity Digital Signatures
Next
Network Security 61
Secure e-mailSecure e-mail
• generates random symmetric private key, KS.• encrypts message with KS
• also encrypts KS with Bob's public key.• sends both KS(m) and eB(KS) to Bob.
• Alice wants to send secret e-mail message, m, to Bob.
Confidentiality
Tools: Symmetric Session key + Public key cryptography
SE v1
Network Security 62
Secure e-mail (continued)Secure e-mail (continued)
• Alice wants to provide sender authentication message integrity.
• Alice digitally signs message.• sends both message (in the clear) and digital signature.
Confidentiality + Authentication + Message IntegrityX
Tools: Hash Function + Digital Signature
SE v2
Network Security 63
Secure e-mail (continued)Secure e-mail (continued)
• Alice wants to provide secrecy, sender authentication, message integrity.
Note: Alice uses both her private key, Bob's public key.
Confidentiality + Authentication + Message IntegritySE v3
Confidentiality measuresAuthentication + Message Integrity
Network Security 64
Pretty good privacy (PGP)Pretty good privacy (PGP)
Internet e-mail encryption scheme, a de-facto standard.
Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.
Provides secrecy, sender authentication, integrity.
Inventor, Phil Zimmerman, was target of 3-year federal investigation.
---BEGIN PGP SIGNED MESSAGE---Hash: SHA1
Bob:(secret message)
---BEGIN PGP SIGNATURE---Version: PGP 5.0Charset: noconvyhHJRHhGJGhgg/
12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
A PGP signed message:
Cryptography programs are considered munitions under US federal law and are not allowed to be exported
dA(H(m))
Network Security 65
PGPPGPTOOLS
Creation of Message Digest
MD5, SHA
Symmetric Key Encyption
CAST, triple-DES, IDEA
RSA
Public Key Encyption
Compression
DesignSimilar to SEv3 diagram discussed
Network Security 66
Pretty good privacy (PGP)Pretty good privacy (PGP)
Freely available on http://web.mit.edu/network/pgp.html Look also www.pgp.com Zimmermann has received technical awards
2001: he was inducted into the CRN Industry Hall of Fame
2000: InfoWorld named him one of the Top 10 Innovators in E-Business
1999: Louis Brandeis Award from Privacy International 1998: Lifetime Achievement Award from Secure
Computing Magazine 1996: the Norbert Wiener Award from Computer
Professionals for promoting the responsible use of technology.
Network Security 67
Internet Commerce ScenarioInternet Commerce ScenarioPurchasing a product from a website
Alice Incorporated Site
Information
Product, QuantityAddressPayment card numberpassword submit
Intercept order, obtain Bob’s card information, then make purchases using Bob’s card; or
Trudy could be masquerading as Alice Incorporated
Use SSL protocol to combat these problems
Network Security 68
Secure sockets layer (SSL)Secure sockets layer (SSL)
Originally developed by NetscapeNetscape
SSL security services: server authentication data encryption client authentication
(optional)
SSL works at transport transport layerlayer. Provides security to any TCP-based app using SSL services.
SSL: used between WWW browsers, servers for Internet-commerce (httpshttps).
Server authentication: SSL-enabled browser includes
public keys for trusted CAs. Browser requests server
certificate, issued by trusted CA.
Browser uses CA's public key to extract server's public key from certificate.
Visit your browser's security menu to see its trusted CAs.
sits between Application Layer and TCP
Network Security 69
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)Originally developed by Netscape
Data encryption
negotiates encryption algorithm
Can be viewed as a layer bet. App. Layer & Transport Layer Authentication bet. Web client & Web server
Web Client (browser)SSL-enabled Web Server 1. Handshake Phase
Authenticates server to client (or, vice-versa)
2. Data Transmission Phase Encryption of data using Session keys generated
during handshake phase
Network Security 70
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)HIGH-LEVEL VIEW OF HANDSHAKE PHASE OF SSL
Bob browses Alice’s secure page
Alice sends Bob her certificate
Bob extracts Alice’s public key
Bob generates a random symmetric key and encrypts it using Alice’s public key
Alice extracts the symmetric key
Network Security 71
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)FEATURES
SSL SERVER AUTHENTICATION
SSL CLIENT AUTHENTICATION (Optional)
Allows the browser to authenticate the server
before the user submits important information
Client obtains certificate from server, then checks certificate with client’s list of trusted CAs.
If found on list, client validates certificate’s integrity and
extracts server’s public key
information tampering detection
ENCRYPTED SSL SESSION
encryption/decryption of all information between browser & server
List of trusted CAs + Public keys
Network Security 72
SSL (continued)SSL (continued)
Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
Using its private key, server decrypts session key.
Browser, server agree that future msgs will be encrypted.
All data sent into TCP socket (by client or server) encrypted with session key.
SSL: basis of IETF Transport Layer Security (TLS).
SSL can be used for non-Web applications, e.g., IMAP.
Client authentication can be done with client certificates.
ENCRYPTED SSL SESSION
Network Security 73
Secure Sockets Layer (SSL)Secure Sockets Layer (SSL)LIMITATIONS
Generic secure communication bet. server & client
signed certificate – guarantees bona fide company certificate does not indicate if company is authorized to accept
card payments nor if its a reliable merchant
Company has no assurance if card is not stolen
Provides a popular platform (for servers and browsers) for card payment transactions
Network Security 74
Network Security 75
Network Security 76
Network Security 77
Secure electronic transactions Secure electronic transactions (SET)(SET) designed for payment-card
transactions over Internet. provides security services
among 3 players: customer merchant Merchant's bankAll must have certificates.
SET specifies legal meanings of certificates. apportionment of
liabilities for transactions
Customer's card number passed to merchant's bank without merchant ever seeing number in plain text. Prevents merchants
from stealing, leaking payment card numbers.
Three software components: Browser wallet Merchant server Acquisition gateway
Network Security 78
SSH (Secure Shell): SSH (Secure Shell):
Telnet or rsh are not secure They transmit login/passwords over the network SSH is safer because it encrypts the login/password Authenticates the hosts Keeps keys on the user's local directory Example of known_hosts file:
hostname1,130.113.118.147 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAsmnfyxDMN7o1UrXuvjchDDFGRVdwRLVC+/pVoXvrVl5Byxp/GQSdWJeYzMyEyKaNQ+IgFpiBGqnsgfk8uQJCzyJnB3nkYSAhVlz2emjuC6kuJ8yFgoIxON4v9NVEeSgSEIua6aVBi4a4tfy2sSj15aYzWPSOmJoG+hnt6lEaDY0
an example of secure connectionan example of secure connection
Network Security 79
END OF SESSION
Network Security 80
Ipsec: Network Layer Security
Network-layer secrecy: sending host encrypts the
data in IP datagram TCP and UDP segments; ICMP
and SNMP messages. Network-layer authentication
destination host can authenticate source IP address
Two principal protocols:Two principal protocols: authentication header (AH)
protocol encapsulation security
payload (ESP) protocol
For both AH and ESP, source, destination handshake: create network-layer
logical channel called security association (SA)
Each SA unidirectional. Uniquely determined by:
security protocol (AH or ESP)
source IP address 32-bit connection ID
Blanket coverage for all Internet traffic (RFC 2401, 2411)
AdvantagesAdvantages Necessary PrecursorNecessary Precursor
Network Security 81
Authentication Header (AH) Protocol
Provides source host authentication, data integrity, but not secrecy.
AH header inserted between IP header and IP data field.
Protocol field = 51. Intermediate routers
process datagrams as usual.
AH header includes: connection identifier authentication data: signed
message digest, calculated over original IP datagram, providing source authentication, data integrity.
Next header field: specifies type of data (TCP, UDP, ICMP, etc.)
Network Security 82
Encapsulation Security Payload (ESP) Protocol
Provides secrecy, host authentication, data integrity.
Data, ESP trailer encrypted. Next header field is in ESP
trailer.
ESP authentication field is similar to AH authentication field.
Protocol = 50.
Network Security 83
Network Security (summary)
Basic techniques…... cryptography (symmetric and public) authentication message integrity…. used in many different security scenarios secure email secure transport (SSL) IP sec