
Network Security. Understand principles of network security: Cryptography and its many uses...

Date post: 04-Jan-2016
Upload: lewis-stephens
Transcript
Page 1

Network Security

Understand principles of network security:
  Cryptography and its many uses beyond “confidentiality”.
  Authentication.
  Message integrity.
  Non-repudiation.
  Key distribution.

Security in practice:
  Firewalls.
  Security and protocols in application, transport, network, and link layers (NAT, IPSec, SSL, Kerberos, etc.)

Page 2

Security in network layers

Page 3

Common Security Attacks

Packet sniffing: To gain access to cleartext network data and passwords

Impersonation: To gain unauthorized access to data or to create unauthorized e-mails by impersonating an authorized entity

Denial-of-service: To render network resources non-functional

Replay of messages: To gain access to information and change it in transit

Guessing of keys: To gain access to encrypted data and passwords (brute-force attack)

Port scanning: To discover potential available attack points

Page 4

What is Network Security?

Confidentiality: only sender, intended receiver should “understand” message contents

Authentication: sender, receiver want to confirm identity of each other

Message Integrity: sender, receiver want to ensure message not altered without detection

Non-Repudiation: being able to prove that the sender did send the message

Page 5

A Security Example: Alice, Bob, Trudy

Alice and Bob want to communicate “securely”.

Trudy (intruder) may intercept, delete, add messages, and so on to disrupt their communications.

Page 6

Who Might Alice and Bob Be?

Users

Web browser/server for electronic transactions (e.g., on-line purchases)

On-line banking client/server

DNS servers

Routers exchanging routing table updates

Page 7

Cryptography Definitions

Encryption is a process by which a message (called plaintext) is transformed into another message (called ciphertext) using a mathematical function and a special encryption password (called a key).

Decryption is the reverse process

Page 8

Cryptography Definitions

[Figure: plaintext → encryption algorithm (Alice’s encryption key $K_A$) → ciphertext → decryption algorithm (Bob’s decryption key $K_B$) → plaintext]

Page 9

Symmetric (Secret) Key Cryptography

Same key decrypts and encrypts information.

The encryption functions used need not be secret, but the keys used must be secret

Sender and receiver must agree on the key before secured communication starts

The encryption and decryption functions used can be the same or different.

Page 10

Symmetric Key Cryptography: Key Issues

Symmetric key cryptography: Bob and Alice share the same (symmetric) key: K

Question: How is the agreed upon key distributed to both Bob and Alice in a secure fashion?

[Figure: plaintext message, m → encryption algorithm (key $K_{A-B}$) → ciphertext $K_{A-B}(m)$ → decryption algorithm (key $K_{A-B}$) → plaintext $m = K_{A-B}(K_{A-B}(m))$]

Page 11

Symmetric Key Cryptography: DES

DES: Data Encryption Standard
  US encryption standard
  56-bit symmetric key, 64-bit plaintext input

AES: Advanced Encryption Standard
  Newer (November 2001) symmetric key replacing DES.
  128, 192, or 256 bit keys, 128-bit plaintext input
  Brute force decryption (trying each key) would take 1 second on DES, but would take 149 trillion years for AES.

IDEA: International Data Encryption Algorithm
  64-bit input, 128-bit keys
  Stronger, more efficient than DES.

Page 12

Public Key Cryptography

Symmetric key cryptography

Requires both the sender and receiver to know the shared secret key.

Question: how do they agree on the key in the first place (particularly if they have never “met”)?

Public key cryptography

Sender and receiver do not share secret key.

Public encryption key known to all.

Private decryption key known only by the owner.

Page 13

Public (Asymmetric) Key Cryptography

Keys are generated in pairs.

Public key is publicly registered so everyone knows it, and private one is kept secret by the owner.

Each key can decrypt what the other encrypts, but not what it encrypts itself.

Important properties of key generation:
  There is a one-to-one correspondence in the generated key pairs – if one key can decrypt a message, it must have been encrypted by the other.
  It must be extremely difficult, if not impossible, to deduce the private key when given a public key.

Page 14

Public Key Cryptography

[Figure: plaintext message, m → encryption algorithm (Bob’s public key $K_B^+$) → ciphertext $K_B^+(m)$ → decryption algorithm (Bob’s private key $K_B^-$) → plaintext message $m = K_B^-(K_B^+(m))$]

Page 15

Public Key Encryption Algorithms

Diffie-Hellman: the first public key approach proposed.

RSA: the best known public key system, developed by Rivest, Shamir, and Adleman (hence RSA).

DSA: Digital Signature Algorithm, developed by the U.S. National Security Agency (NSA).

Page 16

Symmetric vs. Public Key Cryptography

Which method provides stronger security?

Which method is more convenient?

Which method performs better?

Ideally, we would like to combine the strengths of symmetric and public key cryptography, and avoid their weaknesses:
  We want the efficiency of symmetric cryptography combined with the ease of use and convenience of public key cryptography.

Page 17

Hybrid Secret-Public Key Cryptography

When two parties want to communicate securely, public key cryptography is used to exchange a random symmetric session key.

To communicate, symmetric cryptography is used with the session key.

When done, both parties destroy the session key.

Page 18

Hash functions/Message Digests

Message digest is a special kind of checksum produced using cryptographic means.

Typically produced from a one-way hash function that is difficult to reverse or predict.

This function takes the entire input and reduces it to a small value of fixed length, typically 128 to 512 bits in length.

Must be collision-resistant: must be difficult for 2 messages to produce the same digest

Encrypted hash (MAC) is used to ensure authentication and integrity

Page 19

Message Digests: Hash Function Algorithms

MD5 hash function widely used

SHA-1 is also used.

Issues in both MD5 and SHA-1 have been found in recent years though

These algorithms are now being phased out more quickly in favour of other, newer approaches like SHA-2.

Page 20

Authentication and Integrity

Authentication is the process of proving one’s identity to someone else.

There are three main ways of authenticating an individual:
  Something you know
  Something you own
  Something you are

Message integrity: ensuring that a message is not altered without detection.

Page 21

Digital Signatures

We would like to have a cryptographic technique analogous to hand-written signatures.

This digital signature is verifiable and not forgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed the document.

Hash encrypted by a private key is a digital signature that is then attached to the original message

By signing only the digest, we have the same level of security, as the digest is tied to the message, with less encryption and decryption overhead.

Page 22

Signed Message Digests as Digital Signatures

Bob sends digitally signed message:

[Figure: large message m → hash function H → H(m) → digital signature (encrypt) with Bob’s private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$, sent together with the large message m]

Page 23

Signed Message Digests as Digital Signatures

Bob sends digitally signed message:

[Figure: large message m → hash function H → H(m) → digital signature (encrypt) with Bob’s private key $K_B^-$ → encrypted msg digest $K_B^-(H(m))$, sent together with the large message m]

Alice verifies signature and integrity of digitally signed message:

[Figure: Alice applies the hash function H to the received large message m to get H(m), and applies digital signature (decrypt) with Bob’s public key $K_B^+$ to the encrypted msg digest $K_B^-(H(m))$ to get H(m); the two values are compared: equal?]

Page 24

Certification Authorities

With public key cryptography there’s a danger of “man-in-the-middle” attacks

How do we make sure that a particular public key belongs to a certain entity?

How can we avoid impersonation?

The International Telecommunication Union (ITU) specifies an authentication service and specific syntax for certificates in X.509.

Page 25

Certification Authorities

Certification Authority (CA): binds a public key to particular entity, E.

E (person, router) registers its public key with CA.
  E provides “proof of identity” to CA.
  CA creates certificate binding E to its public key.
  Certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”

[Figure: Bob’s public key $K_B^+$ and Bob’s identifying information → digital signature (encrypt) with CA private key $K_{CA}^-$ → certificate for Bob’s public key, signed by CA]

Page 26

Certification Authorities

When Alice wants Bob’s public key:
  Gets Bob’s certificate (Bob or elsewhere).
  Apply CA’s public key to Bob’s certificate, get Bob’s public key.

[Figure: Bob’s certificate → digital signature (decrypt) with CA public key $K_{CA}^+$ → Bob’s public key $K_B^+$]
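
The signed-digest scheme from the Digital Signatures slides and the CA certificate check from the slides above, as one added example (not part of the original slides). It uses unpadded textbook RSA over SHA-256; the function names, the JSON certificate body and the Mersenne-prime toy keys are assumptions made for illustration and are not secure.

```python
import hashlib
import json

E = 65537  # public exponent

def make_keypair(p: int, q: int):
    """Return (public, private) textbook-RSA keys, each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (E, n), (pow(E, -1, phi), n)

def digest(message: bytes) -> int:
    """H(m): SHA-256 digest as an integer (far smaller than the moduli used here)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private) -> int:
    """K-(H(m)): apply the private key to the digest only, not to the whole message."""
    d, n = private
    return pow(digest(message), d, n)

def verify(message: bytes, signature: int, public) -> bool:
    """Apply the public key to the signature and compare with a freshly computed H(m)."""
    e, n = public
    return pow(signature, e, n) == digest(message)

def issue_certificate(subject: str, subject_public, ca_private) -> dict:
    """The CA binds a name to a public key by signing both together."""
    body = json.dumps({"subject": subject, "key": list(subject_public)}).encode()
    return {"body": body, "ca_signature": sign(body, ca_private)}

def key_from_certificate(cert: dict, expected_subject: str, ca_public):
    """Return the subject's public key, or None if the CA signature or name fails."""
    if not verify(cert["body"], cert["ca_signature"], ca_public):
        return None
    fields = json.loads(cert["body"])
    if fields["subject"] != expected_subject:
        return None
    return tuple(fields["key"])

# Constructed toy keys: Mersenne primes are public knowledge, so these keys are
# insecure by design. Real keys use large random secret primes and padded signatures.
CA_PUB, CA_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
BOB_PUB, BOB_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

if __name__ == "__main__":
    msg = b"Meet at noon. -Bob"            # constructed sample message
    sig = sign(msg, BOB_PRIV)
    cert = issue_certificate("Bob", BOB_PUB, CA_PRIV)
    bob_key = key_from_certificate(cert, "Bob", CA_PUB)
    print("signature valid:", verify(msg, sig, bob_key))
    print("altered message valid:", verify(b"Meet at nine. -Bob", sig, bob_key))
```

Alice trusts only the CA's public key in advance; a certificate whose body was edited, or whose subject is not the party she expects, yields no key at all.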

Page 27

Firewalls

isolates an organization’s internal network from a larger external network, allowing some packets to pass, blocking others

Page 28

Packet Filtering Firewalls

All incoming and outgoing packets are examined according to some parameters (such as source/destination IP address and/or port number)

Page 29

Application Layer Gateway/Firewalls

An application gateway (proxy) is an application-specific server through which all application data (inbound and outbound) must pass.

Page 30

IPsec: Network Layer Security

Network-layer secrecy:
  Sending host encrypts the data in IP datagram.
  TCP and UDP segments; ICMP and SNMP messages.

Network-layer authentication
  Destination host can authenticate source IP addresses.

Two principal protocols:
  Authentication header (AH) protocol
  Encapsulation security payload (ESP) protocol

For both AH and ESP protocols, the source and destination handshake:
  Create network-layer logical channel called a security association (SA).

Page 31

Authentication Header (AH) Protocol

Provides source authentication, data integrity, but not confidentiality.

AH header inserted between IP header, data field.

[Figure: datagram layout: IP header | AH header | data (e.g., TCP, UDP segment)]

Page 32

Encapsulation Security Payload (ESP) Protocol

Provides secrecy, host authentication, and data integrity.

Packet data and the ESP trailer are encrypted.

[Figure: datagram layout: IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent., with the “encrypted” and “authenticated” spans marked]

Page 33

Secure Sockets Layer (SSL)

Transport layer security to any TCP-based application using SSL services.

Used between Web browsers, servers for e-commerce (shttp).

Security services:
  Server authentication.
  Data encryption.
  Client authentication (optional).

Server authentication:
  SSL-enabled browser includes public keys for trusted CAs.
  Browser requests server certificate, issued by trusted CA.
  Browser uses CA’s public key to extract server’s public key from certificate.

Page 34

SSL (Continued)

Encrypted SSL session:
  Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
  Using private key, server decrypts session key.
  Only the browser and server know session key.
  All data sent into TCP socket (by client or server) encrypted with session key.

SSL can be used for non-Web applications, e.g., IMAP.

Client authentication can be done with client certificates which have also been issued by CAs.

SSL serves as a basis for TLS protocol

Page 35

VPN

A virtual private network is an extension of an enterprise's private intranet across a public network such as the Internet, creating a secure private connection, through a private tunnel.

Page 36

Kerberos

an encryption-based security system that provides mutual authentication between the users and the servers in a network environment.

Authorization can be implemented independently from the authentication

a ticket-granting server (key distribution center) acts as a mutually trusted third party

Page 37

Key Distribution Centers (KDCs)

Alice, Bob need shared symmetric key.

KDC: server shares different secret key with each registered user (many users).

Alice, Bob know their own symmetric keys, $K_{A-KDC}$ and $K_{B-KDC}$, for communicating with KDC.

[Figure: the KDC holds $K_{A-KDC}$, $K_{B-KDC}$, $K_{P-KDC}$, $K_{X-KDC}$, $K_{Y-KDC}$, $K_{Z-KDC}$; Alice holds $K_{A-KDC}$ and Bob holds $K_{B-KDC}$]

Page 38

Key Distribution Centers (KDCs)

Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?

[Figure: Alice sends $K_{A-KDC}(A,B)$ to the KDC; KDC generates R1 and returns $K_{A-KDC}(R1, K_{B-KDC}(A,R1))$ to Alice; Alice knows R1 and sends $K_{B-KDC}(A,R1)$ to Bob; Bob knows to use R1 to communicate with Alice]

Alice and Bob communicate: using R1 as session key for shared symmetric encryption
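
The three-message KDC exchange from this slide, as an added example showing both sides' messages (not part of the original slides). Python's standard library has no block cipher, so `seal`/`unseal` are a hypothetical encrypt-then-MAC stand-in built from HMAC-SHA256; the class and function names and the JSON field encoding are likewise assumptions.

```python
import hashlib
import hmac
import json
import os

def _prf(key: bytes, label: bytes, data: bytes) -> bytes:
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (stand-in for a real cipher)."""
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += _prf(key, b"enc", nonce + counter.to_bytes(8, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, fields: list) -> bytes:
    """K(fields): encrypt, then authenticate, a list of JSON-serialisable fields."""
    nonce = os.urandom(16)
    ciphertext = _xor_stream(key, nonce, json.dumps(fields).encode())
    return nonce + ciphertext + _prf(key, b"mac", nonce + ciphertext)

def unseal(key: bytes, blob: bytes) -> list:
    """Inverse of seal(); raises ValueError on a wrong key or a modified blob."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ciphertext)):
        raise ValueError("wrong key or modified message")
    return json.loads(_xor_stream(key, nonce, ciphertext))

class KDC:
    def __init__(self):
        self.keys = {}                       # user name -> key shared with the KDC

    def register(self, name: str) -> bytes:
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def request(self, sender: str, blob: bytes) -> bytes:
        """Receive K_A-KDC(A,B); reply with K_A-KDC(R1, K_B-KDC(A,R1))."""
        a, b = unseal(self.keys[sender], blob)
        if a != sender:
            raise ValueError("identity mismatch")
        r1 = os.urandom(32).hex()            # KDC generates session key R1
        ticket = seal(self.keys[b], [a, r1])
        return seal(self.keys[a], [r1, ticket.hex()])

def run_exchange() -> dict:
    kdc = KDC()
    k_a, k_b = kdc.register("Alice"), kdc.register("Bob")
    reply = kdc.request("Alice", seal(k_a, ["Alice", "Bob"]))  # Alice <-> KDC
    r1_alice, ticket_hex = unseal(k_a, reply)                  # Alice knows R1
    ticket = bytes.fromhex(ticket_hex)                         # Alice -> Bob
    peer, r1_bob = unseal(k_b, ticket)                         # Bob knows R1
    return {"r1_alice": r1_alice, "r1_bob": r1_bob, "peer": peer,
            "ticket": ticket, "k_a": k_a, "k_b": k_b}
```

As on the slide, the ticket carries no timestamp or nonce, so Bob cannot tell a fresh ticket from a recorded one; Kerberos adds timestamps and ticket lifetimes to address that.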

