Вы находитесь на странице: 1из 18
Chapter 7 Network Security Note: Some figures in this sli des are taken from the

Chapter 7

Network Security

Note: Some figures in this slides are taken from the book “Computer Networking” by Kurose and Ross

Chapter 7: Network Securityfrom the book “Comp uter Networking” by Kurose and Ross Chapter goals: understand principles of network

Chapter goals:

understand principles of network security:

cryptography and its many uses beyond “confidentiality”

authentication

message integrity

security in practice:

firewalls

security in application, transport, network, link layers – see ref books (not covered in class)

2

ECE/CSC 570, Fall 2014

ref books (not covered in class) 2 ECE/CSC 570, Fall 2014 What is network security? Confidentiality:
ref books (not covered in class) 2 ECE/CSC 570, Fall 2014 What is network security? Confidentiality:

What is network security?

Confidentiality: only sender, intended receiver should “understand” message contents sender encrypts message receiver decrypts message

Authentication: sender, receiver want to confirm identity of each other

Message integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

Access and availability: services must be accessible and available to users

3

ECE/CSC 570, Fall 2014

accessible and available to users 3 ECE/CSC 570, Fall 2014 Outline Encryption Algorithms: Cryptography symmetric key
accessible and available to users 3 ECE/CSC 570, Fall 2014 Outline Encryption Algorithms: Cryptography symmetric key

Outline

Encryption Algorithms: Cryptography

symmetric key vs. public key

Message Integrity Protocols

Digital signature

Authentication Protocols Key Distribution Firewalls

4

ECE/CSC 570, Fall 2014

Integrity Protocols Digital signature Authentication Protocols Key Distribution Firewalls 4 ECE/CSC 570, Fall 2014

Friends and enemies: Alice, Bob, TrudyWell-known in network security world Bob, Alice (lovers!) want to communicate “securely” Trudy (intruder) may

Well-known in network security world

Bob, Alice (lovers!) want to communicate “securely”

Trudy (intruder) may intercept, delete, add messages

Alice Bob channel data, control messages secure secure data data sender receiver Trudy
Alice
Bob
channel data, control
messages
secure
secure
data
data
sender
receiver
Trudy

5

ECE/CSC 570, Fall 2014

data data sender receiver Trudy 5 ECE/CSC 570, Fall 2014 Who might Bob, Alice be? …

Who might Bob, Alice be?data data sender receiver Trudy 5 ECE/CSC 570, Fall 2014 … well, real-life Bobs and Alices!

… well, real-life Bobs and Alices! Web browser/server for electronic transactions (e.g., on-line purchases) on-line banking client/server DNS servers routers exchanging routing table updates other examples?

6

ECE/CSC 570, Fall 2014

table updates other examples? 6 ECE/CSC 570, Fall 2014 There are bad guys (and girls) out

There are bad guys (and girls) out there!table updates other examples? 6 ECE/CSC 570, Fall 2014 Q: What can a “bad guy” do?

Q: What can a “bad guy” do? A: a lot!

eavesdrop: intercept messages actively insert messages into connection impersonation: can fake (spoof) source address in packet (or any field in packet) hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place denial of service: prevent service from being used by others (e.g., by overloading resources)

more on this later ……

7

ECE/CSC 570, Fall 2014

more on this later …… 7 ECE/CSC 570, Fall 2014 The language of cryptography (general) plaintext

The language of cryptography (general)more on this later …… 7 ECE/CSC 570, Fall 2014 plaintext K A Alice’s encryption key

570, Fall 2014 The language of cryptography (general) plaintext K A Alice’s encryption key encryption

plaintext

Fall 2014 The language of cryptography (general) plaintext K A Alice’s encryption key encryption algorithm
Fall 2014 The language of cryptography (general) plaintext K A Alice’s encryption key encryption algorithm

K A

Alice’s

encryption

key encryption algorithm
key
encryption
algorithm

ciphertext

A Alice’s encryption key encryption algorithm ciphertext Bob’s decryption K B key decryption plaintext
A Alice’s encryption key encryption algorithm ciphertext Bob’s decryption K B key decryption plaintext

Bob’sA Alice’s encryption key encryption algorithm ciphertext decryption K B key decryption plaintext algorithm

decryption K B key decryption plaintext algorithm
decryption
K B
key
decryption
plaintext
algorithm

symmetric key crypto: sender, receiver keys identical, i.e., K A = K B = K

public-key crypto: encryption key public, decryption key secret (private)

8

ECE/CSC 570, Fall 2014

= K B = K public-key crypto: encryption key public , decryption key secret ( private)

The encryption model (for a symmetric-key cipher) (for a symmetric-key cipher)

The encryption model (for a symmetric-key cipher) 9 ECE/CSC 570, Fall 2014 The encryption model (for

9

ECE/CSC 570, Fall 2014

model (for a symmetric-key cipher) 9 ECE/CSC 570, Fall 2014 The encryption model (for a symmetric-key

The encryption model (for a symmetric-key cipher) (2) (for a symmetric-key cipher) (2)

C = E K (P): Encryption of the plaintext P using key K ciphertext C

P = D K (C): decryption of C

D K (E K (P)) = P

Kerchhoff’s principle: All algorithms must be public; only the keys are secret.

10

ECE/CSC 570, Fall 2014

public; only the keys are secret. 10 ECE/CSC 570, Fall 2014 Substitution Ciphers substitution cipher: substituting

Substitution Cipherspublic; only the keys are secret. 10 ECE/CSC 570, Fall 2014 substitution cipher: substituting one thing

substitution cipher: substituting one thing for another

monoalphabetic cipher: substitute one letter for another

plaintext: abcdefghijklmnopqrstuvwxyz

ciphertext: mnbvcxzasdfghjklpoiuytrewq

E.g.:

plaintext: bob. i love you. alice ciphertext: nkn. s gktc wky. mgsbc

Key is a known substitution pattern in mono-alphabetic substitution cipher Q: how do Bob and Alice agree on key value in the first place ? Problem?

11

ECE/CSC 570, Fall 2014

in the first place ? Problem? 11 ECE/CSC 570, Fall 2014 Transposition Ciphers A transposition cipher

Transposition Ciphersin the first place ? Problem? 11 ECE/CSC 570, Fall 2014 A transposition cipher Reorder the

A transposition cipher

Reorder the letters but do not disguise them

12

Key: MEGABUCK
Key: MEGABUCK

Read out by columns

ECE/CSC 570, Fall 2014

cipher Reorder the letters but do not disguise them 12 Key: MEGABUCK Read out by columns
One-Time Pads Message 1: “I love you.” in 7-bit ASCII XORed with pad Pad 1

One-Time Pads

Message 1: “I love you.” in 7-bit ASCII XORed with pad

1: “I love you.” in 7-bit ASCII XORed with pad Pad 1 = Pad 2 ?

Pad 1 = Pad 2 ?

The use of a one-time pad for encryption and the possibility of getting any possible plaintext from the ciphertext by the use of some other pad.

Problem?: 1. the key cannot be memorized 2. the total amount of data that can be transmitted is limited by the amount of key available.

13

ECE/CSC 570, Fall 2014

by the amount of key available. 13 ECE/CSC 570, Fall 2014 Fundamental principles Redundancy: Messages must

Fundamental principlesby the amount of key available. 13 ECE/CSC 570, Fall 2014 Redundancy: Messages must contain some

Redundancy: Messages must contain some redundancy Freshness: Some method is needed to foil replay attacks The algorithm should be public, only the key should be secret.

14

ECE/CSC 570, Fall 2014

only the key should be secret. 14 ECE/CSC 570, Fall 2014 Symmetric-Key Algorithms DES – The

Symmetric-Key Algorithmsonly the key should be secret. 14 ECE/CSC 570, Fall 2014 DES – The Data Encryption

DES – The Data Encryption Standard AES – The Advanced Encryption Standard Cipher Modes

Symmetric Key Algorithm: Use same key for encryption and decryption

15

ECE/CSC 570, Fall 2014

key for encryption and decryption 15 ECE/CSC 570, Fall 2014 Product Ciphers Basic elements of product
key for encryption and decryption 15 ECE/CSC 570, Fall 2014 Product Ciphers Basic elements of product

Product Ciphers

and decryption 15 ECE/CSC 570, Fall 2014 Product Ciphers Basic elements of product ciphers. (a) P-box.

Basic elements of product ciphers.

(a)

P-box. Permutation

(b)

S-box. Substitution

(c)

Product cipher box. k inputs to k outputs.

16

ECE/CSC 570, Fall 2014

Permutation (b) S-box. Substitution (c) Product cipher box. k inputs to k outputs. 16 ECE/CSC 570,

DES – Data Encryption Standard17 Plaintext Plaintext Encrypt with secret key Decrypt with secret key ECE/CSC 570, Fall 2014

17

Plaintext

Plaintext

Encrypt with secret key
Encrypt with
secret key
Decrypt with secret key
Decrypt with
secret key
Plaintext Encrypt with secret key Decrypt with secret key ECE/CSC 570, Fall 2014 Data Encryption Standard

ECE/CSC 570, Fall 2014

secret key Decrypt with secret key ECE/CSC 570, Fall 2014 Data Encryption Standard The data encryption

Data Encryption Standardsecret key Decrypt with secret key ECE/CSC 570, Fall 2014 The data encryption standard. (a) General

secret key ECE/CSC 570, Fall 2014 Data Encryption Standard The data encryption standard. (a) General outline.

The data encryption standard. (a) General outline. (b) Detail of one iteration. The circled + means exclusive OR.

18

ECE/CSC 570, Fall 2014

The circled + means exclusive OR. 18 ECE/CSC 570, Fall 2014 Triple DES (a) Triple encryption
The circled + means exclusive OR. 18 ECE/CSC 570, Fall 2014 Triple DES (a) Triple encryption

Triple DES

(a) Triple encryption using DES. (b) Decryption.

Total key length = 56 + 56 = 112 bits

(b) Decryption. Total key length = 56 + 56 = 112 bits 19 Why EDE instead

19

Why EDE instead of EEE?

ECE/CSC 570, Fall 2014

= 112 bits 19 Why EDE instead of EEE? ECE/CSC 570, Fall 2014 AES – The

AES – The Advanced Encryption Standard= 112 bits 19 Why EDE instead of EEE? ECE/CSC 570, Fall 2014 Rules for AES

Rules for AES proposals (1997)

1. The algorithm must be a symmetric block cipher.

2. The full design must be public.

3. Key lengths of 128, 192, and 256 bits supported.

4. Both software and hardware implementations required

5. The algorithm must be public or licensed on nondiscriminatory terms.

Winner: Rijndael (based on Galois field theory)

20

ECE/CSC 570, Fall 2014

public or licensed on nondiscriminatory terms. Winner: Rijndael (based on Galois field theory) 20 ECE/CSC 570,
Cipher Modes Electronic Code Book Mode Cipher Block Chaining Mode Cipher Feedback Mode Stream Cipher

Cipher Modes

Electronic Code Book Mode Cipher Block Chaining Mode Cipher Feedback Mode Stream Cipher Mode Counter Mode

AES or DES is still mono-alphabetic substitution cipher, i.e., same input and always same output not good

21

ECE/CSC 570, Fall 2014

and always same output not good 21 ECE/CSC 570, Fall 2014 Electronic Code Book Mode The

Electronic Code Book Modeand always same output not good 21 ECE/CSC 570, Fall 2014 The plaintext of a file

The plaintext of a file encrypted as 16 DES blocks.

Mode The plaintext of a file encrypted as 16 DES blocks. Message is broken up into

Message is broken up into consecutive 8-byte blocks and encrypted one after another with the same key

22

ECE/CSC 570, Fall 2014

after another with the same key 22 ECE/CSC 570, Fall 2014 Cipher Block Chaining Mode Cipher

Cipher Block Chaining Modeafter another with the same key 22 ECE/CSC 570, Fall 2014 Cipher block chaining. (a) Encryption

Cipher block chaining.

(a) Encryption

(b) Decryption.

IV: Initialization Vector

(a) Encryption (b) Decryption. IV: Initialization Vector Same plaintext generates different ciphertext depending on

Same plaintext generates different ciphertext depending on where it occurs.

Require an entire 64-bit (8-byte) block to arrive before decryption can begin

23

ECE/CSC 570, Fall 2014

before decryp tion can begin 23 ECE/CSC 570, Fall 2014 Cipher Feedback Mode (a) Encryption. (b)

Cipher Feedback Modebefore decryp tion can begin 23 ECE/CSC 570, Fall 2014 (a) Encryption. (b) Decryption. Byte-by-Byte encryption.

(a) Encryption.

(b) Decryption.

2014 Cipher Feedback Mode (a) Encryption. (b) Decryption. Byte-by-Byte encryption. No need to wait for 8

Byte-by-Byte encryption. No need to wait for 8 bytes to start

24

ECE/CSC 570, Fall 2014

(a) Encryption. (b) Decryption. Byte-by-Byte encryption. No need to wait for 8 bytes to start 24

Stream Cipher ModeA stream cipher. (a) Encryption. (b) Decryption. Similar to huge one-time pad keystream generated by

A stream cipher.

(a) Encryption.

(b) Decryption.

Mode A stream cipher. (a) Encryption. (b) Decryption. Similar to huge one-time pad keystream generated by

Similar to huge one-time pad keystream generated by key (can be pre-computed)

25

ECE/CSC 570, Fall 2014

by key (can be pre-computed) 25 ECE/CSC 570, Fall 2014 Counter Mode Encryption using counter mode.
by key (can be pre-computed) 25 ECE/CSC 570, Fall 2014 Counter Mode Encryption using counter mode.

Counter Mode

Encryption using counter mode.

570, Fall 2014 Counter Mode Encryption using counter mode. Enables random access to encrypted data via

Enables random access to encrypted data via “counter” no need to decrypt from the beginning

26

ECE/CSC 570, Fall 2014

need to decrypt from the beginning 26 ECE/CSC 570, Fall 2014 Public Key Cryptography 27 symmetric

Public Key Cryptographyneed to decrypt from the beginning 26 ECE/CSC 570, Fall 2014 27 symmetric key crypto requires

27

symmetric key crypto

requires sender, receiver knows shared secret key

Q: how to agree on key in first place (particularly if never “met”)?

public key cryptography radically different approach [Diffie- Hellman76, RSA78] sender, receiver do not share
public key cryptography
radically different
approach [Diffie-
Hellman76, RSA78]
sender, receiver do not
share secret key
public encryption key
known to all
private decryption key
known only to receiver

ECE/CSC 570, Fall 2014

key known only to receiver ECE/CSC 570, Fall 2014 Public key cryptography (2) 28 plaintext message,

Public key cryptography (2)key known only to receiver ECE/CSC 570, Fall 2014 28 plaintext message, P E B D

28

plaintext message, P
plaintext
message, P
E B D B
E B
D B

Bob’s public

key

Bob’s private

key

message, P E B D B Bob’s public key Bob’s private key encryption algorithm ciphertext C
message, P E B D B Bob’s public key Bob’s private key encryption algorithm ciphertext C

encryption

algorithm

ciphertext C = E B (P) decryption plaintext algorithm message
ciphertext
C = E B (P)
decryption
plaintext
algorithm
message

P = D B (E B (P))

ECE/CSC 570, Fall 2014

ciphertext C = E B (P) decryption plaintext algorithm message P = D B (E B

Public key encryption algorithmsRequirements D(E(P))=P It is exceedingly difficult to deduce D from E RSA: Rivest, Shamir, Adelson

Requirements

D(E(P))=P It is exceedingly difficult to deduce D from E

RSA: Rivest, Shamir, Adelson algorithm

29

ECE/CSC 570, Fall 2014

Rivest, Shamir, Adelson algorithm 29 ECE/CSC 570, Fall 2014 Large Prime Numbers 104729 * 95581 =

Large Prime NumbersRivest, Shamir, Adelson algorithm 29 ECE/CSC 570, Fall 2014 104729 * 95581 = ? (Ans) 10010102549

104729 * 95581 = ? (Ans) 10010102549 (easy computation)

Can you efficiently factorize 10010102549 then?

What if the number is “way much larger”?

2 43112609 -1 : 12978189 digits: found in 2008 (Mersenne Prime Number)

30

ECE/CSC 570, Fall 2014

in 2008 (Mersenne Prime Number) 30 ECE/CSC 570, Fall 2014 Review: Modulo operation Integer variables Def:

Review: Modulo operationin 2008 (Mersenne Prime Number) 30 ECE/CSC 570, Fall 2014 Integer variables Def: a=b (mod n)

Integer variables

Def: a=b (mod n) (a-b) is divisible by n

i.e., there exists an integer k such that (a-b) = nk

Properties:

a=b (mod n) b=a (mod n)

a=b (mod n) & b=c (mod n) a=c (mod n)

a=b (mod n) & c=d (mod n) a+c = b+d (mod n) & ac = bd (mod n)

a=b (mod n) a p = b p (mod n)

31

ECE/CSC 570, Fall 2014

n) a p = b p (mod n) 31 ECE/CSC 570, Fall 2014 RSA: Choosing keys

RSA: Choosing keysn) a p = b p (mod n) 31 ECE/CSC 570, Fall 2014 1. Choose two

1. Choose two large prime numbers p, q. (e.g., 1024 bits each)

2. Compute n = pq, z = (p-1)(q-1)

3. Choose d ( with d < n) that has no common factors with z. (d, z are “relatively prime”).

4. Choose e such that ed-1 is exactly divisible by z. (in other words: ed =1 (mod z ).

32

divisible by z . (in other words: ed =1 (mod z ). 32 Public key is

Public key is (n,e). Private key is (n,d).

other words: ed =1 (mod z ). 32 Public key is ( n,e ). Private key

E

B

ECE/CSC 570, Fall 2014

D B

other words: ed =1 (mod z ). 32 Public key is ( n,e ). Private key

RSA: Encryption, decryption0. Given ( n, e ) and ( n, d ) as computed above 1.

0. Given (n, e) and (n, d ) as computed above

1. To encrypt bit pattern, P, compute

C = P

e mod (n) (i.e., remainder when P

e is divided by n)

2. To decrypt received bit pattern, C, compute

P = C d mod (n) (i.e., remainder when C d is divided by n)
P = C
d mod (n) (i.e., remainder when C
d is divided by n)
Magic
P
=
(P
e mod n)
d mod n
happens!
C

33

ECE/CSC 570, Fall 2014

(P e mod n) d mod n happens! C 33 ECE/CSC 570, Fall 2014 RSA: Example
(P e mod n) d mod n happens! C 33 ECE/CSC 570, Fall 2014 RSA: Example

RSA: Example

p=3 and q=11, this gives us n=33 and z=20. A good value for d is d=7 since 7 and 20 have no common factors. Now 7e =1 mod(20) and this gives us e=3.

no common factors. Now 7e =1 mod(20) and this gives us e=3. 34 ECE/CSC 570, Fall

34

ECE/CSC 570, Fall 2014

=1 mod(20) and this gives us e=3. 34 ECE/CSC 570, Fall 2014 RSA: Why is that
=1 mod(20) and this gives us e=3. 34 ECE/CSC 570, Fall 2014 RSA: Why is that

RSA: Why is that P = (P mod n)

e

d mod n

Useful number theory result: If p, q prime and n = pq, then for any x and y

35

(P

e

mod n)

d

y

y mod (p-1)(q-1)

x

mod n = x

 

mod n

mod

n

=

P

ed

mod n

 

=

P

ed mod (p-1)(q-1)

mod n

=

P

1

mod n

=

P

(using number theory result above)

(since we chose ed to be divisible by (p-1)(q-1) with remainder 1 )

ECE/CSC 570, Fall 2014

by (p-1)(q-1) with remainder 1 ) ECE/CSC 570, Fall 2014 RSA: another important property The following

RSA: another important propertyby (p-1)(q-1) with remainder 1 ) ECE/CSC 570, Fall 2014 The following property will be very

The following property will be very useful later:

36

D (E (P)) B B
D
(E (P))
B
B

=

P

use public key first, followed by private key

= E B (D B (P))
= E
B (D
B (P))

use private key first, followed by public key

Result is the same!

Why?

ECE/CSC 570, Fall 2014

key = E B (D B (P)) use private key first, followed by public key Result

Digital SignaturesCryptographic technique analogous to hand- written signatures. Requirements The receiver can verify the claimed

Cryptographic technique analogous to hand- written signatures.

Requirements

The receiver can verify the claimed identity of the sender

The sender cannot later repudiate the contents of the message.

The receiver cannot possibly have concocted the message himself.

37

ECE/CSC 570, Fall 2014

concocted the message himself. 37 ECE/CSC 570, Fall 2014 Public Key Signature Digital signatures using public-key

Public Key Signatureconcocted the message himself. 37 ECE/CSC 570, Fall 2014 Digital signatures using public-key cryptography. Bob thus

Digital signatures using public-key cryptography.

Signature Digital signatures using public-key cryptography. Bob thus verifies that: Non-repudiation : Alice signed P.

Bob thus verifies that:

Non-repudiation:

Alice signed P. No one else signed P. Alice signed P and not P’.

Bob can take P and signature D A (P) to court and prove that Alice signed P.

38

ECE/CSC 570, Fall 2014

and prove that Alice signed P . 38 ECE/CSC 570, Fall 2014 Message Digests (MD) 39

Message Digests (MD)and prove that Alice signed P . 38 ECE/CSC 570, Fall 2014 39 Computationally expensive to

39

Computationally expensive to public-key-encrypt long messages

Goal: fixed-length, easy- to- compute “digital fingerprint”

Apply hash function MD to P, get fixed size message digest, MD(P).

long H: Hash message Function P H(P)
long
H: Hash
message
Function
P
H(P)

Hash function (MD) • many-to-1 • produces fixed-size msg digest (fingerprint)

ECE/CSC 570, Fall 2014

fixed-size msg digest (fingerprint) ECE/CSC 570, Fall 2014 Message Digest (MD) (2) 40 Hash function (MD)

Message Digest (MD) (2)fixed-size msg digest (fingerprint) ECE/CSC 570, Fall 2014 40 Hash function (MD) properties: Given P, it

40

Hash function (MD) properties:

Given P, it is easy to compute MD(P)

Given MD(P), it is effectively impossible to find P.

Given P, no one can find P’ such that MD(P’)=MD(P).

A change to the input of even 1 bit produces a very different output.

One-way

function

A change to the input of even 1 bit produces a very different output. One-way function

ECE/CSC 570, Fall 2014

A change to the input of even 1 bit produces a very different output. One-way function

Digital Signature = Signed Message DigestB o b s e n d s d i g i t a l

Bob sends digitally signed message:

Alice verifies signature and integrity of digitally signed message:

large message H: Hash encrypted H(P) P function msg digest D B (H(P)) digital Bob’s
large
message
H: Hash
encrypted
H(P)
P
function
msg digest
D
B (H(P))
digital
Bob’s
large
private
signature
message
Bob’s
key
(encrypt)
P
digital
D B
public
signature
key
(decrypt)
encrypted
H: Hash
E B
msg digest
function
+
D
B (H(P))
H(P)
H(P)
equal
No secrecy here.
anyone can see Bob’s message.
?

41

ECE/CSC 570, Fall 2014

anyone can see Bob’s message. ? 41 ECE/CSC 570, Fall 2014 Authentication Goal: Bob wants Alice
anyone can see Bob’s message. ? 41 ECE/CSC 570, Fall 2014 Authentication Goal: Bob wants Alice

Authentication

Goal: Bob wants Alice to “prove” her identity to him

Protocol ap1.0: Alice says “I am Alice”

42

to him Protocol ap1.0: Alice says “I am Alice” 42 “I am Alice” ECE/CSC 570, Fall

“I am Alice”

ap1.0: Alice says “I am Alice” 42 “I am Alice” ECE/CSC 570, Fall 2014 Failure scenario??
ap1.0: Alice says “I am Alice” 42 “I am Alice” ECE/CSC 570, Fall 2014 Failure scenario??
ap1.0: Alice says “I am Alice” 42 “I am Alice” ECE/CSC 570, Fall 2014 Failure scenario??

ECE/CSC 570, Fall 2014

Failure scenario??

“I am Alice” ECE/CSC 570, Fall 2014 Failure scenario?? Authentication Goal: Bob wants Alice to “prove”
“I am Alice” ECE/CSC 570, Fall 2014 Failure scenario?? Authentication Goal: Bob wants Alice to “prove”

Authentication

Goal: Bob wants Alice to “prove” her identity to him

Protocol ap1.0: Alice says “I am Alice”

43

“I am Alice”
“I am Alice”

ECE/CSC 570, Fall 2014

in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice

Alice, so Trudy simply declares herself to be Alice Authentication: another try Protocol ap2.0: Alice says

Authentication: another tryAlice, so Trudy simply declares herself to be Alice Protocol ap2.0: Alice says “I am Alice”

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

Alice’s “I am Alice” IP address
Alice’s
“I am Alice”
IP address

44

containing her source IP address Alice’s “I am Alice” IP address 44 ECE/CSC 570, Fall 2014

ECE/CSC 570, Fall 2014

Failure scenario??

containing her source IP address Alice’s “I am Alice” IP address 44 ECE/CSC 570, Fall 2014
Authentication: another try Protocol ap2.0: Alice says “I am Alice” in an IP packet containing

Authentication: another try

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

Alice’s “I am Alice” IP address
Alice’s
“I am Alice”
IP address

45

ECE/CSC 570, Fall 2014

Trudy can create a packet “spoofing” Alice’s address

can create a packet “spoofing” Alice’s address Authentication: another try Protocol ap3.0: Alice says “I
can create a packet “spoofing” Alice’s address Authentication: another try Protocol ap3.0: Alice says “I

Authentication: another try

Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

46

Alice’s Alice’s “I’m Alice” IP addr password
Alice’s
Alice’s
“I’m Alice”
IP addr
password
Alice’s OK IP addr
Alice’s
OK
IP addr

Failure scenario??“I’m Alice” IP addr password Alice’s OK IP addr ECE/CSC 570, Fall 2014 Authentication: another try

ECE/CSC 570, Fall 2014

OK IP addr Failure scenario?? ECE/CSC 570, Fall 2014 Authentication: another try Protocol ap3.0: Alice says
OK IP addr Failure scenario?? ECE/CSC 570, Fall 2014 Authentication: another try Protocol ap3.0: Alice says

Authentication: another try

Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

47

Alice’s Alice’s “I’m Alice” IP addr password
Alice’s
Alice’s
“I’m Alice”
IP addr
password
Alice’s Alice’s “I’m Alice” IP addr password Alice’s OK IP addr Alice’s Alice’s “I’m
Alice’s OK IP addr Alice’s Alice’s “I’m Alice” IP addr password
Alice’s
OK
IP addr
Alice’s
Alice’s
“I’m Alice”
IP addr
password

playback attack: Trudy records Alice’s packet and later plays it back to Bob

ECE/CSC 570, Fall 2014

and later plays it back to Bob ECE/CSC 570, Fall 2014 Authentication: yet another try Protocol
and later plays it back to Bob ECE/CSC 570, Fall 2014 Authentication: yet another try Protocol

Authentication: yet another try

Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.

48

Alice’s encrypted “I’m Alice” IP addr password
Alice’s
encrypted
“I’m Alice”
IP addr
password
Alice’s OK IP addr
Alice’s
OK
IP addr

Failure scenario??it. 48 Alice’s encrypted “I’m Alice” IP addr password Alice’s OK IP addr ECE/CSC 570, Fall

ECE/CSC 570, Fall 2014

encrypted “I’m Alice” IP addr password Alice’s OK IP addr Failure scenario?? ECE/CSC 570, Fall 2014

Authentication: another tryProtocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove”

Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.

Alice’s encrypted “I’m Alice” IP addr password Alice’s OK IP addr Alice’s encrypted “I’m
Alice’s
encrypted
“I’m Alice”
IP addr
password
Alice’s
OK
IP addr
Alice’s
encrypted
“I’m Alice”
IP addr
password

49

ECE/CSC 570, Fall 2014

record

and

playback

still works!

49 ECE/CSC 570, Fall 2014 record and playback still works! Authentication: yet another try Goal: avoid

Authentication: yet another try49 ECE/CSC 570, Fall 2014 record and playback still works! Goal: avoid playback attack Nonce: number

Goal: avoid playback attack

Nonce: number (R) used only once–in-a-lifetime

ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key K

“I am Alice” R
“I am Alice”
R

50

K (R) A-B
K
(R)
A-B

Failures, drawbacks?

ECE/CSC 570, Fall 2014

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!

only Alice knows key to encrypt nonce, so it must be Alice! Authentication: ap5.0 ap4.0 requires

Authentication: ap5.0only Alice knows key to encrypt nonce, so it must be Alice! ap4.0 requires shared symmetric

ap4.0 requires shared symmetric key

Can we authenticate using public key techniques?

ap5.0: use nonce, public key cryptography

51

“I am Alice”

R - K (R) A “send me your public key” + K A
R
-
K
(R)
A
“send me your public key”
+
K A
R - K (R) A “send me your public key” + K A Bob computes +
R - K (R) A “send me your public key” + K A Bob computes +

Bob computes

+ -

K A

(K A

(R)) = R

and knows only Alice

could have the private

key, that encrypted R such that

K

+

A

-

(K

A

(R)) = R

+: public -: private

ECE/CSC 570, Fall 2014

- (K A (R)) = R +: public -: private ECE/CSC 570, Fall 2014 ap5.0: security

ap5.0: security hole- (K A (R)) = R +: public -: private ECE/CSC 570, Fall 2014 Man (woman)

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

I am Alice I am Alice R K - (R) R T Send me your
I am Alice
I am Alice
R
K
-
(R)
R
T
Send me your public key
-
K
(R)
+
A
K
T
Send me your public key
+
K
A
+
Trudy gets
K
(m)
T
- +
m = K
(K
T
(m))
+
T

-

A

m = K

52

(K

+

A

(m))

K

A

(m)

sends m to Alice encrypted with Alice’s public key

ECE/CSC 570, Fall 2014

(m)) + T - A m = K 52 (K + A (m)) K A (m)

ap5.0: security holeMan (woman) in the middle attack : Trudy poses as Alice (to Bob) and as

Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)

: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: Bob
: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: Bob
: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: Bob
: Trudy poses as Alice (to Bob) and as Bob (to Alice) Difficult to detect: Bob

Difficult to detect:

Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation)

problem is that Trudy receives all messages as well!

53

ECE/CSC 570, Fall 2014

receives all messages as well! 53 ECE/CSC 570, Fall 2014 Key Distribution and Certification 54 Symmetric

Key Distribution and Certificationreceives all messages as well! 53 ECE/CSC 570, Fall 2014 54 Symmetric key problem: How do

54

Symmetric key problem:

How do two entities establish shared secret key over network? (They’ve never met before!)

Solution:

trusted key distribution center (KDC) acting as intermediary between entities

Public key problem:

When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?

Solution:

trusted certification authority (CA)

ECE/CSC 570, Fall 2014

trusted certification authority (CA) ECE/CSC 570, Fall 2014 Key Distribution Center (KDC) Alice, Bob need shared

Key Distribution Center (KDC)trusted certification authority (CA) ECE/CSC 570, Fall 2014 Alice, Bob need shared symmetric key. KDC: server

Alice, Bob need shared symmetric key.

KDC: server shares different secret key with each registered user (many users)

Alice, Bob know their individual symmetric keys, K A-KDC K B-KDC , for communicating with KDC.

55

K P-KDC
K P-KDC
K B-KDC
K B-KDC
K A-KDC
K A-KDC
KDC K P-KDC K A-KDC K X-KDC K Y-KDC K Z-KDC K B-KDC
KDC
K P-KDC
K A-KDC
K X-KDC
K Y-KDC
K Z-KDC
K B-KDC

ECE/CSC 570, Fall 2014

K X-KDC K Y-KDC K Z-KDC K B-KDC ECE/CSC 570, Fall 2014 Key Distribution Center (KDC)

Key Distribution Center (KDC) (2)K X-KDC K Y-KDC K Z-KDC K B-KDC ECE/CSC 570, Fall 2014 Q: How does KDC

Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other?

KDC K A-KDC (A,B) generates R1 (random number) Alice K A-KDC (R1, K B-KDC (A,R1)
KDC
K A-KDC (A,B)
generates
R1 (random
number)
Alice
K A-KDC (R1, K B-KDC (A,R1) )
Bob knows to use
knows
R1
K
(A,R1)
B-KDC
R1 to communicate
with Alice

Alice and Bob communicate: using R1 as session key for shared symmetric encryption

56

ECE/CSC 570, Fall 2014

Alice Alice and Bob communicate: using R1 as session key for shared symmetric encryption 56 ECE/CSC

Certification AuthoritiesCertification authority (CA): binds public key to particular entity, E. E (person, router) registers its

Certification authority (CA): binds public key to particular entity, E.

E (person, router) registers its public key with CA.

E provides “proof of identity” to CA.

CA creates certificate binding E to its public key.

certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key”

Bob’s digital public signature K + + B key (encrypt) K B CA certificate for
Bob’s
digital
public
signature
K +
+
B
key
(encrypt)
K B
CA
certificate for
-
Bob’s
private
K CA
identifying
key
Bob’s public key,
signed by CA
information

57

ECE/CSC 570, Fall 2014

key, signed by CA information 57 ECE/CSC 570, Fall 2014 Certification Authorities (2) When Alice wants

Certification Authorities (2)key, signed by CA information 57 ECE/CSC 570, Fall 2014 When Alice wants Bob’s public key:

When Alice wants Bob’s public key:

gets Bob’s certificate (Bob or elsewhere).

apply CA’s public key to Bob’s certificate, get Bob’s public key

58

+ K B
+
K B
key to Bob’s certificate, get Bob’s public key 58 + K B digital signature (decrypt) CA

digital

signature

(decrypt)

CA + public K CA key ECE/CSC 570, Fall 2014
CA
+
public
K CA
key
ECE/CSC 570, Fall 2014
+ K B
+
K B

Bob’s

public

key

K CA key ECE/CSC 570, Fall 2014 + K B Bob’s public key A certificate contains:

A certificate contains:K CA key ECE/CSC 570, Fall 2014 + K B Bob’s public key Serial number (unique

Serial number (unique to issuer) info about certificate owner, including algorithm and key value itself
Serial number (unique to issuer)
info about certificate owner, including algorithm and
key value itself (not shown)
info about
certificate
issuer
valid dates
digital
signature by
issuer

59

ECE/CSC 570, Fall 2014

digital signature by issuer 59 ECE/CSC 570, Fall 2014 Firewalls firewall isolates organization’s internal net
digital signature by issuer 59 ECE/CSC 570, Fall 2014 Firewalls firewall isolates organization’s internal net

Firewalls

firewall isolates organization’s internal net from larger Internet, allowing some packets to pass, blocking others.

Internet, allowing some packets to pass, blocking others. administered public network Internet firewall 60 ECE/CSC
administered public network Internet firewall
administered
public
network
Internet
firewall

60

ECE/CSC 570, Fall 2014

some packets to pass, blocking others. administered public network Internet firewall 60 ECE/CSC 570, Fall 2014

Firewalls: Why ?prevent denial of service (DoS) attacks: SYN flooding: attacker establishes many bogus TCP connections, no

prevent denial of service (DoS) attacks:

SYN flooding: attacker establishes many bogus TCP connections, no resources left for “real” connections.

prevent illegal modification/access of internal data.

e.g., attacker replaces CIA’s homepage with something else

allow only authorized access to inside network (set of authenticated users/hosts)

three types of firewalls:

61

stateless packet filters stateful packet filters application gateways

ECE/CSC 570, Fall 2014

filters application gateways ECE/CSC 570, Fall 2014 Stateless packet filtering Should arriving packet be

Stateless packet filteringfilters application gateways ECE/CSC 570, Fall 2014 Should arriving packet be allowed in? Departing packet

Should arriving packet be allowed in? Departing packet let out?
Should arriving
packet be allowed
in? Departing packet
let out?

internal network connected to Internet via router firewall router filters packet-by-packet (stateless), decision to forward/drop packet based on:

source IP address, destination IP address TCP/UDP source and destination port numbers ICMP message type TCP SYN and ACK bits

62

ECE/CSC 570, Fall 2014

type TCP SYN and ACK bits 62 ECE/CSC 570, Fall 2014 Stateless packet filtering: example Example

Stateless packet filtering: exampletype TCP SYN and ACK bits 62 ECE/CSC 570, Fall 2014 Example 1: block incoming and

Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.

all incoming, outgoing UDP flows and telnet connections

are blocked. (TCP port 23 is for telnet; IP protocol=17 is UDP)

Example 2: Block inbound TCP segments with ACK=0.

prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.

• The first segment in every TCP connection has the ACK bit set to 0, whereas all other segments in the connection have the ACK bit set to 1

63

ECE/CSC 570, Fall 2014

have the ACK bit s et to 1 63 ECE/CSC 570, Fall 2014 Stateless packet filtering:

Stateless packet filtering: more exampleshave the ACK bit s et to 1 63 ECE/CSC 570, Fall 2014 Policy Firewall Setting

Policy

Firewall Setting

No outside Web access.

Drop all outgoing packets to any IP address, port 80

No incoming TCP connections, except those for institution’s public Web server only.

Drop all incoming TCP SYN packets to any IP except “130.207.244.203, port 80”

Prevent Web-radios from eating up the available bandwidth.

Drop all incoming UDP packets - except DNS and router broadcasts.

Prevent your network from being used for a smurf DoS attack.

Drop all ICMP packets going to a “broadcast” address (eg

130.207.255.255).

Prevent your network from being tracerouted

Drop all outgoing ICMP TTL expired traffic

64

ECE/CSC 570, Fall 2014

Prevent your network from being tracerouted Drop all outgoing ICMP TTL expired traffic 64 ECE/CSC 570,

Access Control ListsACL: table of rules, applied top to bottom to incoming packets: (action, condition) pairs action

ACL: table of rules, applied top to bottom to incoming packets: (action, condition) pairs

action

source

dest

protocol

source

 

dest

flag

address

address

 

port

port

bit

   

outside of

     

any

allow

222.22/16

222.22/16

TCP

>

1023

 

80

allow

outside of

222.22/16

       

222.22/16

TCP

 

80

>

1023

ACK

   

outside of

       

allow

222.22/16

222.22/16

UDP

>

1023

 

53

---

allow

outside of

222.22/16

       

222.22/16

UDP

 

53

>

1023

----

deny

all

all

all

 

all

 

all

all

65

ECE/CSC 570, Fall 2014

  all   all all 65 ECE/CSC 570, Fall 2014 Stateful packet filtering stateless packet filter:

Stateful packet filtering  all   all all 65 ECE/CSC 570, Fall 2014 stateless packet filter: heavy handed tool

stateless packet filter: heavy handed tool

admits packets that “make no sense,” e.g., dest port = 80, ACK bit set, even though no TCP connection established:

action

source

dest

protocol

source

dest

flag

address

address

port

port

bit

allow

outside of

222.22/16

       

222.22/16

TCP

80

> 1023

ACK

stateful packet filter: track status of every TCP connection

track connection setup (SYN), teardown (FIN): can determine whether incoming, outgoing packets “makes sense” timeout inactive connections at firewall: no longer admit packets

66

ECE/CSC 570, Fall 2014

firewall: no longer admit packe ts 66 ECE/CSC 570, Fall 2014 Stateful packet filtering ACL augmented

Stateful packet filteringfirewall: no longer admit packe ts 66 ECE/CSC 570, Fall 2014 ACL augmented to indicate need

ACL augmented to indicate need to check connection state table before admitting packet

action

source

dest

proto

source

 

dest

flag

check

address

address

 

port

port

bit

connection

   

outside of

     

any

 

allow

222.22/16

TCP

>

1023

 

80

222.22/16

     

allow

outside of

222.22/16

       

x

TCP

 

80

>

1023

ACK

222.22/16

     
   

outside of

         

allow

222.22/16

UDP

>

1023

 

53

---

222.22/16

   

allow

outside of

222.22/16

       

x

UDP

 

53

>

1023

----

222.22/16

   

deny

all

all

all

 

all

 

all

all

 

67

ECE/CSC 570, Fall 2014

all   all all   67 ECE/CSC 570, Fall 2014 Application Gateway Application gateway look beyond

Application Gatewayall   all all   67 ECE/CSC 570, Fall 2014 Application gateway look beyond the IP/TCP/UDP

Application gateway look beyond the IP/TCP/UDP headers and make policy decisions based on application data.

and make policy decisions based on application data. A firewall consisting of two packet filters and

A firewall consisting of two packet filters and an application gateway.

68

ECE/CSC 570, Fall 2014

on application data. A firewall consisting of two packet filters and an application gateway. 68 ECE/CSC

Application Gateways (2)Filters packets on application data as well as on IP/TCP/UDP fields. Example: allow selected internal

Filters packets on application data as well as on IP/TCP/UDP fields.

Example: allow selected internal users to telnet outside.

gateway-to-remote host telnet session host-to-gateway telnet session application router and filter gateway
gateway-to-remote
host telnet session
host-to-gateway
telnet session
application
router and filter
gateway

1. Require all telnet users to telnet through gateway.

2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections

3. Router filter blocks all telnet connections not originating from gateway.

69

ECE/CSC 570, Fall 2014

not originating fro m gateway. 69 ECE/CSC 570, Fall 2014 Limitations of firewalls and gateways 70

Limitations of firewalls and gatewaysnot originating fro m gateway. 69 ECE/CSC 570, Fall 2014 70 IP spoofing: router can’t know

70

IP spoofing: router can’t know if data “really” comes from the claimed source

if multiple app’s. need special treatment, each has own app. gateway.

client software must know how to contact gateway.

e.g., must set IP address of proxy in Web browser

filters often use all or nothing policy for UDP.

tradeoff: degree of communication with outside world, level of security

many highly protected sites still suffer from attacks.

ECE/CSC 570, Fall 2014

sites still suffer from attacks. ECE/CSC 570, Fall 2014 Virtual Private Networks (VPN) (a) A leased-line

Virtual Private Networks (VPN)sites still suffer from attacks. ECE/CSC 570, Fall 2014 (a) A leased-line private network. (b) A

(a) A leased-line private network.

(b) A virtual private network.

leased-line private network. (b) A virtual private network. 71 ECE/CSC 570, Fall 2014 Other Issues Wireless

71

ECE/CSC 570, Fall 2014

(b) A virtual private network. 71 ECE/CSC 570, Fall 2014 Other Issues Wireless Security Wi-Fi: Free-rider’s
(b) A virtual private network. 71 ECE/CSC 570, Fall 2014 Other Issues Wireless Security Wi-Fi: Free-rider’s

Other Issues

Wireless Security

Wi-Fi: Free-rider’s heaven

802.11 Security

WEP (Wired Equivalent Privacy) Protocol

IEEE announced that 802.11 WEB1.0 was completely broken (Sept. 7, 2001)

Social Issues

72

ECE/CSC 570, Fall 2014

Protocol IEEE announced that 802.11 WEB1.0 was completely broken (Sept. 7, 2001) Social Issues 72 ECE/CSC