04/18/23 Gene Itkis: BU CAS 558 - Network Security 1
CS 558: Network Security
Gene Itkis
Network Security
Overview
Basic scenario
Simplified Scenario
[Figure: Alice and Bob communicate over a network; Eve is on the network]
Network:
• Internet
• intranet
• LAN
• WAN
• …
How to protect?
• Encrypt
• Key agreement
• Authenticate
Issues:
• Protocols
• Protection (crypto)
A solution: SSL/TLS
How to protect?
Crypto
Landscape overview
Definitions and Concepts
What is Cryptography?
It all started with
– Encryption / Decryption
“attack at midnight” – plaintext
“buubdl bu njeojhiu” – ciphertext
Encryption / Decryption (cont.)
• encoder (plaintext in – ciphertext out)
• decoder (ciphertext in – plaintext out)
• eavesdropper (should understand nothing about the msg)
• Shared Key: held by the encoder and the decoder
[Figure: msg → encoder → ciphertext → decoder → msg, with the eavesdropper seeing only the ciphertext; e.g. “bla-bla” → “cmb-cmb” → “bla-bla”]
Crypto tools
• Encryption/decryption – to hide info
• Key exchange – to establish a shared key
• Authentication – to establish a shared key with the party you really meant to
  – public
  – private
• Signatures
• Hashing
• Certificates, PKI
Adversary types
Alice and Bob want to communicate in the presence of adversaries
– Adversaries:
  • Passive – just looking
  • Active – may change msgs
Key exchange: man-in-the-middle
• Key exchange without Authentication
  – Subject to Man-in-the-Middle attack
• Attacker translates between the keys, reading and/or modifying the messages
  – Authentication afterwards will not help!
[Figure: Alice – (key shared w/Alice) – attacker – (key shared w/Bob) – Bob]
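The exchange on this slide, as an added example that is not part of the original lecture: a toy Diffie-Hellman key agreement (constructed group parameters, far too small for real use) run once over a clean channel and once with an attacker substituting her own public values on the wire. The defender's observation is that Alice and Bob end up with different keys, each in fact shared with the attacker, and nothing inside the exchange itself reveals this; authenticating messages under those keys afterwards cannot help, because what needs authenticating is the exchanged public values themselves (signatures and certificates, later in the deck).

```python
import secrets

# Toy group parameters, constructed for illustration only (far too small for real use).
P = 2**61 - 1  # a Mersenne prime
G = 5


def dh_keypair():
    """Return (private exponent x, public value g^x mod p)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def dh_shared(my_private, their_public):
    """Shared key (g^y)^x mod p; identical on both sides only if nobody interfered."""
    return pow(their_public, my_private, P)


def key_exchange(attacker_present):
    """Run one unauthenticated DH exchange between Alice and Bob.

    Returns the key each party believes it shares, plus the attacker's view:
    (key shared with Alice, key shared with Bob), or None if absent.
    """
    a, A = dh_keypair()  # Alice: secret a, puts A on the wire
    b, B = dh_keypair()  # Bob: secret b, puts B on the wire
    if not attacker_present:
        return {"alice": dh_shared(a, B), "bob": dh_shared(b, A), "attacker": None}
    # Man-in-the-middle: the values on the wire are replaced, and nothing in the
    # exchange lets Alice or Bob tell E1/E2 apart from a genuine B/A.
    e1, E1 = dh_keypair()  # attacker's keypair facing Alice
    e2, E2 = dh_keypair()  # attacker's keypair facing Bob
    alice_key = dh_shared(a, E1)  # Alice receives E1 instead of B
    bob_key = dh_shared(b, E2)    # Bob receives E2 instead of A
    attacker_view = (dh_shared(e1, A), dh_shared(e2, B))
    return {"alice": alice_key, "bob": bob_key, "attacker": attacker_view}


def exchange_is_consistent(result):
    """The check Alice and Bob cannot make by themselves without an authenticated
    channel: do they actually hold the same key?"""
    return result["alice"] == result["bob"]
```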
Authentication
• Alice sends a msg M to Bob
• Bob wants to be sure M is really from Alice
Signatures
• Alice holds a signing key S_Alice
• SigM = Sign(M, S_Alice)
• Alice sends (M, SigM) to Bob
• Bob checks Verify(M, SigM, …)
Authentication: “public”
• checks
• contracts
• …
Public Key Signatures
• Alice holds a Secret Key S_Alice and a Public Key P_Alice
• SigM = Sign(M, S_Alice)
• Alice sends (M, SigM) to Bob
• Bob checks Verify(M, SigM, P_Alice)
Problem: How to authenticate P_Alice??
Certificates
“This public key P_Alice really belongs to Alice. Signed by Charlie, Certification Authority”
• Charlie, the CA, signs P_Alice with his own secret key; Alice keeps her secret key S_Alice
• Certificates can be public!
• Who’s Charlie?!?
Public Key Infrastructures (PKI)
• Root CA public key
  – Obtained out-of-band
  – Certifies other Public Keys (of CAs, or users)
• Certification Chains
• Grain of salt: so, you have a certificate…
• To be continued…
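Sign/Verify with P_Alice and S_Alice, a certificate as "Charlie signs P_Alice", and a certification chain walked back to a root CA key obtained out-of-band, all in one added example that is not from the lecture. It uses textbook RSA with tiny primes and no padding (constructed, not secure; only the algebra is real), and the names BU-CA and Charlie are assumed for the intermediate and root CA.

```python
import hashlib
import json
from math import gcd

# Textbook RSA with ~20-bit moduli, constructed for illustration only (insecure).

def keygen(p, q):
    """Return (P, S): public key {n, e} and secret key {n, d}."""
    n, phi = p * q, (p - 1) * (q - 1)
    e = next(c for c in range(3, phi, 2) if gcd(c, phi) == 1)
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, phi)}

def fingerprint(msg, n):
    """Hash the message and reduce it into the modulus: the hash is signed, not M."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, S):
    return pow(fingerprint(msg, S["n"]), S["d"], S["n"])

def verify(msg, sig, P):
    return pow(sig, P["e"], P["n"]) == fingerprint(msg, P["n"])

def cert_body(subject, pub):
    """Canonical bytes of 'this public key really belongs to <subject>'."""
    return json.dumps({"subject": subject, "key": pub}, sort_keys=True).encode()

def issue_cert(subject, pub, issuer, issuer_S):
    return {"subject": subject, "key": pub, "issuer": issuer,
            "sig": sign(cert_body(subject, pub), issuer_S)}

def verify_chain(chain, root_name, root_P):
    """chain[0] is the end-entity cert; chain[-1] must be issued by the root CA, whose
    key root_P was obtained out-of-band. Returns the end-entity key, or None."""
    issuer, issuer_P = root_name, root_P
    for cert in reversed(chain):
        body = cert_body(cert["subject"], cert["key"])
        if cert["issuer"] != issuer or not verify(body, cert["sig"], issuer_P):
            return None  # wrong issuer, or the issuer's signature does not check
        issuer, issuer_P = cert["subject"], cert["key"]
    return chain[0]["key"]

def build_demo_pki():
    """Root CA Charlie -> intermediate BU-CA -> Alice. Returns (root_P, chain, alice_S)."""
    root_P, root_S = keygen(1009, 1013)
    ca_P, ca_S = keygen(1031, 1033)
    alice_P, alice_S = keygen(1039, 1049)
    chain = [issue_cert("Alice", alice_P, "BU-CA", ca_S),
             issue_cert("BU-CA", ca_P, "Charlie", root_S)]
    return root_P, chain, alice_S
```

Bob trusts only root_P; P_Alice reaches him through the chain, and a chain that does not end at Charlie or whose certified key was altered is rejected.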
Back to Signatures
• Alice holds a signing key S_Alice
• SigM = Sign(M, S_Alice)
• Alice sends (M, SigM) to Bob
• Bob checks Verify(M, SigM, …)
Authentication: “private”
• Alice and Bob both hold the secret S_Alice
• SigM = Sign(M, S_Alice)
• Alice sends (M, SigM) to Bob
• Bob checks Verify(M, SigM, S_Alice): check SigM = Sign(M, S_Alice)
• Message Authentication Code (MAC): Sign(M, S_Alice) = Hash(M, S_Alice)
• MAC = “Shared Secret Sig” = Symmetric Sig (Sign = Verify)
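The symmetric signature of this slide as an added example (not from the lecture): Sign and Verify are the same computation under the shared secret, and Verify is a recomputation plus comparison. The slide writes Sign(M, S) = Hash(M, S); the example uses HMAC, the standard keyed construction, rather than hashing a plain concatenation of M and S, since the concatenation forms have known weaknesses with common hash functions, and compares tags in constant time.

```python
import hashlib
import hmac
import secrets


def new_shared_secret():
    """S_Alice on the slide: a secret both Alice and Bob hold (drawn at random here)."""
    return secrets.token_bytes(32)


def mac_sign(msg, shared_secret):
    """Sign(M, S) in the symmetric setting: HMAC-SHA256 keyed with S."""
    return hmac.new(shared_secret, msg, hashlib.sha256).digest()


def mac_verify(msg, tag, shared_secret):
    """Verify = recompute Sign(M, S) and compare; constant-time compare so the
    comparison itself does not leak how much of the tag was right."""
    return hmac.compare_digest(mac_sign(msg, shared_secret), tag)


def deliver(msg, tag, shared_secret, tampered_msg=None):
    """Bob's side: accept M only if the tag checks out. The optional argument
    stands in for an active adversary changing M in transit (the tag stays)."""
    received = msg if tampered_msg is None else tampered_msg
    return received if mac_verify(received, tag, shared_secret) else None
```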
Hashing
• Crypto Hash:
  – collisions may exist, but are hard to find
  – Given y, hard to find x s.t. Hash(x) = y
• Used for:
  – Symmetric signatures
  – “Fingerprint” for Public Key signatures
[Figure: x1 → Hash → y ← x2 (collision)]
Another setting