1

2004.6.10.

This ClassChapter 9

Next ClassWrap up this semesterReview what we have learnedQuestionnaire/FeedbackFinal exam

2

Certificates

A special type of digitally signed document name of entity being certified public key of entity name of certificate authority (CA) digital signature

X.509 major standard of certificates

3

Certification Authorities

Certification authority (CA): binds public key to particular entity, E.

E (person, router) registers its public key with CA. E provides “proof of identity” to CA. CA creates certificate binding E to its public key. certificate containing E’s public key digitally signed by

CA – CA says “this is E’s public key”Bob’s public

key K B+

Bob’s identifying informatio

n

digitalsignature(encrypt)

CA private

key K CA-

K B+

certificate for Bob’s public

key, signed by CA

4

Certification Authorities

When Alice wants Bob’s public key: gets Bob’s certificate (Bob or elsewhere). apply CA’s public key to Bob’s certificate,

get Bob’s public key

Bob’s public

key K B+

digitalsignature(decrypt)

CA public

key K CA+

K B+

5

A certificate contains:

Serial number (unique to issuer) info about certificate owner, including

algorithm and key value itself (not shown) info about

certificate issuer valid dates digital signature by

issuer

6

Secure e-mail

Alice: generates random symmetric private key, KS. encrypts message with KS (for efficiency) also encrypts KS with Bob’s public key. sends both KS(m) and KB(KS) to Bob.

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m

)

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m

)

KB(KS )+

7

Secure e-mail

Bob: uses his private key to decrypt and recover KS

uses KS to decrypt KS(m) to recover m

Alice wants to send confidential e-mail, m, to Bob.

KS( ).

KB( ).+

+ -

KS(m

)

KB(KS )+

m

KS

KS

KB+

Internet

KS( ).

KB( ).-

KB-

KS

mKS(m

)

KB(KS )+

8

Secure e-mail (continued)

• Alice wants to provide sender authentication message integrity.

• Alice digitally signs message.• sends both message (in the clear) and digital signature.

H( ). KA( ).-

+ -

H(m )KA(H(m))-

m

KA-

Internet

m

KA( ).+

KA+

KA(H(m))-

mH( ). H(m )

compare

9

Secure e-mail (continued)

• Alice wants to provide secrecy, sender authentication, message integrity.

Alice uses three keys: her private key, Bob’s public key, newly created symmetric key

H( ). KA( ).-

+

KA(H(m))-

m

KA-

m

KS( ).

KB( ).+

+

KB(KS )+

KS

KB+

Internet

KS

10

Pretty good privacy (PGP)

Internet e-mail encryption scheme, de-facto standard.

uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.

provides secrecy, sender authentication, integrity.

inventor, Phil Zimmerman, was target of 3-year federal investigation.

---BEGIN PGP SIGNED MESSAGE---Hash: SHA1

Bob:My husband is out of town tonight.Passionately yours, Alice

---BEGIN PGP SIGNATURE---Version: PGP 5.0Charset: noconvyhHJRHhGJGhgg/

12EpJ+lo8gE4vB3mqJhFEvZP9t6n7G6m5Gw2

---END PGP SIGNATURE---

A PGP signed message:

11

PGP (continued)

Key Distribution in PGP“PGP is for people who prefer to pack their own parachutes”

Use key rings and manage level of “trust”

12

Secure Shell (SSH)

Problem of Telnet?

SSH v2 consists of 3 protocols:SSH-TRANSSSH-AUTHSSH-CONN

13

SSH-TRANS

Provides an encrypted channel between client and serverclient authenticates server by RSAboth establish a session keyboth negotiate encryption algorithm

Q: How does client get server’s public key?

14

SSH-AUTH

3 ways to authenticateUse session key from SSH-TRANS to encrypt password

Use public key encryptionUse host-based authentication

15

SSH-CONN

Supports “port forwarding” Often used in X Windows

16

Secure sockets layer (SSL)

transport layer security to any TCP-based app using SSL services.

used between Web browsers, servers for e-commerce (shttp).

security services: server authentication data encryption client authentication

(optional)

server authentication: SSL-enabled browser

includes public keys for trusted CAs.

Browser requests server certificate, issued by trusted CA.

Browser uses CA’s public key to extract server’s public key from certificate.

check your browser’s security menu to see its trusted CAs.

17

SSL (continued)

Encrypted SSL session: Browser generates

symmetric session key, encrypts it with server’s public key, sends encrypted key to server.

Using private key, server decrypts session key.

Browser, server know session key All data sent into TCP

socket (by client or server) encrypted with session key.

SSL: basis of IETF Transport Layer Security (TLS).

SSL can be used for non-Web applications, e.g., IMAP.

Client authentication can be done with client certificates.

18

IPsec: Network Layer Security

Network-layer secrecy: sending host encrypts the

data in IP datagram TCP and UDP segments;

ICMP and SNMP messages. Network-layer authentication

destination host can authenticate source IP address

Two principle protocols: authentication header

(AH) protocol encapsulation security

payload (ESP) protocol

For both AH and ESP, source, destination handshake: create network-layer

logical channel called a security association (SA)

Each SA unidirectional. Uniquely determined by:

security protocol (AH or ESP)

source IP address 32-bit connection ID

19

Authentication Header (AH) Protocol

provides source authentication, data integrity, no confidentiality

AH header inserted between IP header, data field.

protocol field: 51 intermediate routers

process datagrams as usual

AH header includes: connection identifier authentication data:

source- signed message digest calculated over original IP datagram.

next header field: specifies type of data (e.g., TCP, UDP, ICMP)

IP header data (e.g., TCP, UDP segment)AH header

20

ESP Protocol

provides secrecy, host authentication, data integrity.

data, ESP trailer encrypted. next header field is in ESP

trailer.

ESP authentication field is similar to AH authentication field.

Protocol = 50.

IP header TCP/UDP segmentESP

headerESP

trailerESP

authent.

encryptedauthenticated

21

Firewalls

isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.

firewall

administerednetwork

publicInternet

firewall

22

Firewalls: Why

prevent denial of service attacks: SYN flooding: attacker establishes many bogus

TCP connections, no resources left for “real” connections.

prevent illegal modification/access of internal data. e.g., attacker replaces CIA’s homepage with

something elseallow only authorized access to inside network (set of

authenticated users/hosts)two types of firewalls:

application-level packet-filtering

23

Packet Filtering

internal network connected to Internet via router firewall

router filters packet-by-packet, decision to forward/drop packet based on: source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits

Should arriving packet be allowed

in? Departing packet let out?

24

Packet Filtering

Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23. All incoming and outgoing UDP flows and

telnet connections are blocked. Example 2: Block inbound TCP segments with

ACK=0. Prevents external clients from making TCP

connections with internal clients, but allows internal clients to connect to outside.

25

Application gateways

Filters packets on application data as well as on IP/TCP/UDP fields.

Example: allow select internal users to telnet outside.

host-to-gatewaytelnet session

gateway-to-remote host telnet session

applicationgateway

router and filter

1. Require all telnet users to telnet through gateway.2. For authorized users, gateway sets up telnet

connection to dest host. Gateway relays data between 2 connections

3. Router filter blocks all telnet connections not originating from gateway.

26

Limitations of firewalls and gateways

IP spoofing: router can’t know if data “really” comes from claimed source

if multiple app’s. need special treatment, each has own app. gateway.

client software must know how to contact gateway. e.g., must set IP address

of proxy in Web browser

filters often use all or nothing policy for UDP.

tradeoff: degree of communication with outside world, level of security

many highly protected sites still suffer from attacks.

27

Applications

DNS SMTP, MIME, IMAP HTTP SNMP RTP SDP, SIP, H.323

28

DNS: Domain Name System

People: many identifiers: SSN, name, passport #

Internet hosts, routers: IP address (32 bit) - used

for addressing datagrams

“name”, e.g., gaia.cs.umass.edu - used by humans

Q: map between IP addresses and name ?

Domain Name System: distributed database

implemented in hierarchy of many name servers

application-layer protocol host, routers, name servers to communicate to resolve names (address/name translation) note: core Internet

function, implemented as application-layer protocol

complexity at network’s “edge”

29

DNS name servers

no server has all name-to-IP address mappings

local name servers: each ISP, company has

local (default) name server host DNS query first goes

to local name server

authoritative name server: for a host: stores that

host’s IP address, name can perform name/address

translation for that host’s name

Why not centralize DNS?

single point of failure traffic volume distant centralized

database maintenance

doesn’t scale!

30

DNS: Root name servers

contacted by local name server that can not resolve name root name server:

contacts authoritative name server if name mapping not known

gets mapping returns mapping to local name server

b USC-ISI Marina del Rey, CAl ICANN Marina del Rey, CA

e NASA Mt View, CAf Internet Software C. Palo Alto, CA

i NORDUnet Stockholm

k RIPE London

m WIDE Tokyo

a NSI Herndon, VAc PSInet Herndon, VAd U Maryland College Park, MDg DISA Vienna, VAh ARL Aberdeen, MDj NSI (TBD) Herndon, VA

13 root name servers worldwide

31

Simple DNS example

host surf.eurecom.fr wants IP address of gaia.cs.umass.edu

1. contacts its local DNS server, dns.eurecom.fr

2. dns.eurecom.fr contacts root name server, if necessary

3. root name server contacts authoritative name server, dns.umass.edu, if necessary requesting host

surf.eurecom.frgaia.cs.umass.edu

root name server

authorititive name serverdns.umass.edu

local name serverdns.eurecom.fr

1

23

4

5

6

32

DNS example

Root name server: may not know

authoritative name server

may know intermediate name server: who to contact to find authoritative name server

requesting hostsurf.eurecom.fr

gaia.cs.umass.edu

root name server

local name serverdns.eurecom.fr

1

23

4 5

6

authoritative name serverdns.cs.umass.edu

intermediate name serverdns.umass.edu

7

8

33

DNS: iterated queries

recursive query: puts burden of

name resolution on contacted name server

heavy load?

iterated query: contacted server

replies with name of server to contact

“I don’t know this name, but ask this server”

requesting hostsurf.eurecom.fr

gaia.cs.umass.edu

root name server

local name serverdns.eurecom.fr

1

23

4

5 6

authoritative name serverdns.cs.umass.edu

intermediate name serverdns.umass.edu

7

8

iterated query

34

DNS: caching and updating records

once (any) name server learns mapping, it caches mapping cache entries timeout (disappear)

after some time update/notify mechanisms under

design by IETF RFC 2136 http://www.ietf.org/html.charters/dnsind-

charter.html

35

DNS records

DNS: distributed db storing resource records (RR)

Type=NS name is domain (e.g.

foo.com) value is IP address of

authoritative name server for this domain

RR format: (name, value, type,ttl)

Type=A name is hostname value is IP address

Type=CNAME name is alias name for some

“canonical” (the real) name www.ibm.com is really servereast.backup2.ibm.com value is canonical name

Type=MX value is name of mailserver

associated with name

36

DNS protocol, messages

DNS protocol : query and reply messages, both with same message format

msg header identification: 16 bit #

for query, reply to query uses same #

flags: query or reply recursion desired recursion available reply is authoritative

37

DNS protocol, messages

Name, type fields for a query

RRs in responseto query

records forauthoritative servers

additional “helpful”info that may be used

38

Acknowledgments

Some slides are from: Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith RossAddison-Wesley, July 2002. All material copyright 1996-2002

J.F Kurose and K.W. Ross, All Rights Reserved