ECE579S Computer & Network Security

Professor Richard A. Stanley, P.E.

WPI


Overview of Tonight’s Class

  • Administration

  • Is computer security a problem, or just an interesting topic?

  • What is different between computer security and network security?

  • Computer security objectives and approaches


Organizational Details

  • Prof. Stanley contact information

    • Office: Atwater-Kent 303, but rarely there

    • Hours: by appointment, preferably after class

    • Phone: (508) 269-6482

    • Email: [email protected]


Administrivia

  • Class will normally meet 8:00 AM – 1:00 PM every Friday here. Please be on time.

  • We will hold 8 classes; cancellations will be announced in advance (except weather)

  • Breaks as needed

  • If class is cancelled for bad weather, you should receive notice. Double-check with ECE Dept. (5231) or with me if in doubt.


Recall

  • We need to set up a way for notification of cancelled/late classes

  • Please put the following information on the sheet going around:

    • Name

    • Email

    • Telephone

  • Volunteer to be at the top of the list?


Course Text

  • Computer Security Handbook, 5th Edition, by Bosworth, et al.  ISBN is 978-0471716525. To be published 09 Feb 09 by Wiley. 

  • Additional material will be in the form of handouts


Course Web Page

  • http://ece.wpi.edu//courses/ee579sw/ECE579S/

  • Slides will be posted to the page before class, barring any unfortunate problems


Policies

  • Homework is due at the class following the one in which it is assigned. It will be accepted--with a one grade penalty--up to the second class after that in which it is assigned, but not after that, except in truly emergency situations. By definition, emergencies do not occur regularly.

  • There is a difference between working in teams and submitting the same work. If work is a team product, it must be clearly labeled as such.


Elements of the Course

  • Assignments: There will be weekly assignments, which will be graded

  • Presentation: At the end of the course, student teams will present a report prepared on a cryptography-related subject. The presentation should be well-prepared and should give an overview of a special topic in cryptography (e.g. eCash, wireless security, SSL, biometric authentication systems, etc.).

  • Examinations: There will be two written examinations that will cover all topics discussed in class. The questions will range from mild to hard.


Research Projects

  • Teams of 3-5 individuals per project

  • Research an information assurance-related topic

  • Prepare a report on the research

  • Present findings

    • Note: a presentation is not the report copied into PowerPoint


Grading

  • Grade components

    • Course exams (35%)

    • Homework (20%)

    • Class participation (10%)

    • Course project (35%)


My Peculiarities

  • I am not a word-counter. When given, word counts are for general guidance only.

  • Bad news doesn’t improve with age. If there are problems, let’s deal with them as soon as they arise.

  • Expect to find ties to historical events in class – not a bad idea to use those for hints as to how some problems develop and expand.


Getting to Know You

  • My interest and experience in this area

  • Your interests and expertise in this area

    • Cryptography?

    • Networking?

  • Where we might go with this course

  • What you would like from the course


Computer Security versus Network Security


Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system.

Network security means the same thing for a group of networked computers

Information Assurance covers all the things we do to protect information from unauthorized disclosure and exploitation


Chicken vs. Egg?

To understand network security, you must first understand computer security. There is no “easy” way around this.

To practice information assurance, you need to know both computer and network security, as well as quite a lot of other topics, which we will cover.

We are going to find that this subject crosses many boundaries of skills and “jurisdiction.” This can be both an opportunity and a curse.


One View

[Diagram labels: Network Security, Computer Security, WWW Security, IA]


Computer Security: What’s the Big Deal?

  • Not a new problem

  • Not just a creation of the press

  • Not just for rocket scientists

  • As professionals, failure to understand and implement appropriate security can come back to haunt you in terms of liability and reputation


Points to Ponder

  • Majority of businesses reported attacks against their networks in 2007

    • Almost 20% of these were targeted

  • Average financial losses over $350,000 per organization, highest in last five years

  • Financial fraud displaced viruses as the first place problem

Source: "Issues and Trends: 2007 CSI/FBI Computer Crime and Security Survey"


Recent Events

  • WikiLeaks

    • Is this a computer security problem?

  • Denial of Service attacks

    • Both from WikiLeaks supporters and totally unrelated

  • …and?


Virtual Warfare

“Cyberspace is another domain in which the U.S. military may face rapidly growing risk. Information technology (IT) permeates every aspect of its operations, from logistics and command and control to targeting and guidance. As the dependence on IT has grown, so, too, has vulnerability to disruptions, especially disruptions of battle networks linking U.S. forces.”

Andrew J. Krepinevich, Jr, “The Pentagon’s Wasting Assets,” Foreign Affairs Vol 88, No. 4 (July/August 2009), pg. 25.


It Isn’t Getting Better

  • Security surveys show a clear trend in security problems: UPWARDS

  • Nature of attacks constantly changing

  • Evidence of nation-state participation

  • Who among you has not seen or heard at least one computer security news story in the past month?


An Object Lesson

Willie Sutton, 1901-1980. Bank Robber.

Q: “Why do you rob banks, Willie?”

A: “Because that’s where the money is!”

This quote is probably the best-known criminal quote around.

One problem: Willie never said it.

BUT... He said “I probably would have said it if anyone had asked me.”


Where’s The Money?

  • Historically, money was something held to have intrinsic value (e.g., gold, silver)

  • Paper money, until recently, was merely a promise to pay in gold or silver

  • So, money really was in the banks

  • Money today is merely a unit of information

  • ... And it is kept in computers!


The “Willie Factor”

  • Computer crime exists because computers are the repositories of things of value

    • Money

      • This is a common target in industrial attacks

    • Information that is valuable or can be made so

      • This is especially true in government networks, most particularly in defense-related networks

  • Thieves look for low-hanging fruit


A Dilemma

  • Security is something most users want, but that most know little about

  • Security gets in the way of using the computer system

  • The tighter the security, the harder the system is to use, and the more likely it is that the users will bypass security measures


Is A Secure Computer Possible?


The Totally Secure System

  • Is relatively simple to build

  • Is useless for any practical purposes

Our job is to learn how to design computer systems to provide the necessary level of security without going overboard.


Why Isn’t This Topic More Theoretical?

In theory, there is no difference between theory and practice. In practice, there is.

Yogi Berra


Why Is A Proof Elusive?

  • A secure system must be secure under all conditions of operation

  • This, in turn, demands proof that there is no condition under which it could operate that is insecure, i.e. the negative proposition.

  • But, formal logic teaches us it is impossible to prove a negative

  • Q.E.D.


That Said...

  • We will define a secure computer

  • We will learn how to create a secure computer

  • If it is useless, why?

    • If it can’t exist, we will never know how close we are to achieving security

    • It is a goal towards which we must work


Consider the Automobile

  • A perfectly safe automobile does not exist, and cannot exist

  • However, we still strive to build safer autos

    • This is a legitimate engineering pursuit

    • It is socially irresponsible to do otherwise

    • Much of the efforts are based on approaching an unachievable goal


Responsibilities

  • Customers expect “reasonably secure” handling of their sensitive data

  • The Devil is in the details

    • What is “reasonable?”

    • What is “secure?”

    • What data is “sensitive?”

    • When is it your responsibility?


What’s the Problem?

  • Financial liability

    • Due diligence

    • Simple negligence

    • Gross negligence

  • Goodwill

  • One bad press release cancels 1000 attaboys

This is a “you bet your business” issue


A Curious Property of Information

  • Information is the only thing that can be stolen and still leave the owner in possession of it

  • This poses some serious problems, which the course will address


Security Aspects

  • Confidentiality

  • Integrity

  • Availability

  • Accountability

  • Nonrepudiation

  • Risk management

  • Reliability and safety

Security is a multidisciplinary problem


Problem is Multidisciplinary

  • Engineering

  • Computer science

  • Sociology

  • Economics

  • Law and ethics

  • Management

  • and ...


Role of Technology

  • Technology is a useful tool, not a panacea.

  • A clear policy, evenly enforced, is the most critical element of success.

  • Don’t ignore the fundamentals.

    • Many computers have been compromised by not revoking a former employee’s password

    • Most of the threat comes from within

    • The problem is not just maliciousness


Security Objectives

[Diagram labels: A – I – C (Availability, Integrity, Confidentiality)]

Protect, detect and recover from insecurities


Data vs. Information

  • Data represents information

  • Information is the interpretation of data

This is not as obvious as it appears on the surface!


So What?

  • Protecting the data may not protect the information

  • It is possible to create information from a wide variety of data sources

    • e.g. Wehrmacht order of battle pre-1939

  • The problem is more complex than just putting an armed guard at the door


Biggest Problem? Learning to Think Like a Crook!


One View: Security = Asset protection

[Diagram labels: Risk Analysis, Protect, Detect, Correct, Manage]


Another View: Focus of Control

[Diagram labels: Applications, User (Subject), Resource (Object), Policy, Protection, Hardware]

Should protection focus on data, operations, or users?


Man-Machine Scale

  • Applications

  • Services

  • OS

  • OS kernel

  • Hardware

In which layer(s) should security be implemented?


Controls

  • Centralized

    • Simple to conceive and implement

    • Bottleneck

  • Decentralized

    • May be more efficient

    • Difficult to implement and maintain

Where to put security tasks and enforcement?


The Security Perimeter

  • How to keep attackers out of the “layer below” where security is implemented?

    • Recovery tools

    • Devices

    • Memory release

    • Backup

    • Memory dumps


One More Time

Computer security involves preventing, detecting, and responding to unauthorized actions on a computer system.

Network security means the same thing for a group of networked computers


Why Networks Matter

  • If computers cannot be secured individually, the network cannot be secure

  • Networking makes the most individually secure computer on the network only as secure as the least individually secure computer on the network.

  • Networking offers new vulnerabilities

  • Speed of mischief increases exponentially


And Most Especially...

  • Mobile code is a basic staple of the Internet, and other networks as well

    • This is a wholly new paradigm

  • Users are not usually aware of mobile code

  • Novelty and convenience trump security every time


Analogy

  • One can easily define the security perimeter of a single computer. You can probably even literally “put your arms around it.”

  • One cannot easily define the perimeter of a group of networked computers, except under a set of trivial conditions that are meaningless in practice.

  • So, where to put the security? And HOW to make it happen?


Network Primer


Networks

  • A network is an interconnected group of communicating devices.

  • Two primary network types

    • Circuit-switched (connection oriented)

    • Packet-switched (connectionless)

  • Span

    • WAN, MAN, LAN

    • So what? Nothing magic about the name.


Data Networks

  • Almost exclusively packet switched

    • Higher efficiency than circuit-switched

    • Computationally intensive to provide

    • Packet loss rate is often very high

      • Largely due to collisions rather than circuit faults

    • Require extensive protocols to operate

      • X.25

      • IP


Network Topology

  • The topology of a network is a view of its interconnections, as they would be seen by an observer looking down from great height

  • Topology is important because it has implications for security

  • Three major topologies:

    • star

    • buss

    • ring


Star Topology

The orange lines depict one star -- this slide actually shows a star-star architecture.


Buss Topology

In a buss topology, all signals pass by all terminals


Ring Topology

A ring is simply a buss with the ends connected to one another.


How To Get There?

  • Every destination on the network must have an address, just as every postal destination must have an address

    • Addresses must be unique

    • Network must know how to recognize address

    • Various addressing schema, e.g.

      • Ethernet

      • IP


Two Network Technologies

  • Token ring

    • Users remain silent until they receive token

    • Pioneered by IBM, not widely used

  • Ethernet

    • Carrier-sense, multiple access/collision detect

    • Binary exponential backoff on collision sense

    • This is a radio network!  Another vulnerability

    • Most widely used architecture today, largely because it is less expensive than token ring


Other Network Technologies

  • Fiber-Distributed Data Interconnect (FDDI)

    • Self-healing, 100 Mbps dual ring

  • Frame relay

    • Packet data service, built on X.25

  • Synchronous Optical Network (SONET)

  • Asynchronous Transfer Mode (ATM)

    • Can operate at gigabit speeds

      • 53 byte packets; 5 of the bytes are overhead

These are of interest in networking, but not security per se; they will not be discussed further in this course


Topology Misconceptions

  • The physical interconnection of network elements does not necessarily reflect the logical network topology

    • Ethernet is logically a buss architecture

    • Ethernet, connected using hubs, uses a physical star interconnection

    • Ethernet, connected using coaxial cable, uses a physical buss interconnection


Some Network Security Issues

  • Users not necessarily registered at the node they are accessing

    • How to authenticate users?

    • What is basis for access control decisions?

  • Some options:

    • User ID

    • User address

    • Service being invoked

    • Cryptographic-based solutions


Ethernet Misconceptions

  • IEEE 802.3 = Ethernet

    • Nope! Pure Ethernet is 802.2

  • All Ethernets are created equal

    • Vendor implementation issues

  • The faster the network speed, the faster I can work

    • Signaling speed ≠ data throughput

  • Ethernet maps to the internet


CSMA/CD Throughput

[Plot: CSMA/CD throughput versus number of users; labels: signaling speed, ~40%]


Ethernet Addresses

  • 48 bits long

  • Address space managed by the IEEE

  • Formerly fixed in hardware at time of manufacture, but increasingly in EEPROM

  • Hardware must recognize at least its own physical address and the network multicast address, and possibly alternate addresses


Ethernet Frame

NOTE: The proper term in this context for groups of 8 bits is an octet, not a byte.


Network Size

  • Networks cannot grow to be arbitrarily large

    • Address space

    • Physical interconnection limitations

    • Increasing collisions as users increase

    • Protocol/OS/machine incompatibilities

  • So, how to extend the ability to interconnect an arbitrarily large number of computers?


The ARPANET

  • Father of the Internet; first elements in 1969

  • Began as an attempt to conduct and share research to ensure continuity of communications after nuclear war, so

    • Connectionless

    • Assured delivery

    • Self-reconfiguring (sort of)

  • Demonstrated feasibility of internetworking disparate computer networks and machines


Internetworking

  • Internetworking is the interconnection of networks

  • The Internet is an internetwork; all internetworks are not the Internet

  • Very few modern networks exist in isolation; most are internetworked

  • This has important security and legal implications


Internetworking Concepts

  • Networks are interconnected by routers or gateways

    • More about this later in the course

  • Routers route a packet using the destination network address, not the destination host address

    • Analogous to the world postal system and how letters are routed


Internetwork Architecture

[Diagram: Net 1 - R - Net 2]


Extended Internetworking

[Diagram: Net 1 - R - Net 2 - R - Net 3]

Clearly, this can be extended ad infinitum, to form very large internetworks.


Some Terms

  • TCP = transmission control protocol

  • IP = internet protocol

  • These protocols have become widely used outside the formally-defined Internet

  • They have some serious flaws, but they work

    • They were not planned to have/need security


Class-Based IP Addressing


Class Discrimination

  • Address space is 32 bits long (IPv4)

    • Therefore, at most 2^32 possible addresses (or 4,294,967,296 in decimal notation)

  • Easy to extract netid from address

  • There is not a one-to-one correspondence between IP addresses and physical devices

    • Consider the router

  • Address with hostid=0 refers to network


IP Addressing Weaknesses

  • If a host moves to another network, its IP address must change

  • If a network grows beyond its class size (B or C), it must get a new address of the next larger size

  • Because routing is by IP address, the path taken by packets to a multiple-addressed host depends on the address used


IP Address Presentation

  • Usually done in dotted decimal, e.g.,

    10000000 00001010 00000010 00011110

    is usually written as

    128.10.2.30

  • What class of network address is this?

  • As you see, each notation has its uses


Consider This Address

  • 256.75.301.116

  • What type of network is represented by this address?

  • Why?

    • In dotted decimal, no number can exceed 255, as that is the value of 2^8 - 1


Address Limits

Class   Lowest Address   Highest Address
A       0.1.0.0          126.0.0.0
B       128.0.0.0        191.255.0.0
C       192.0.1.0        223.255.255.0
D       224.0.0.0        239.255.255.255
E       240.0.0.0        247.255.255.255
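
The classful rules from the slides above, as an added Python example that is not part of the original presentation: it validates dotted decimal (so 256.75.301.116 is rejected), classifies an address by the leading bits of its first octet, and splits netid from hostid. Function names are illustrative, and rejecting leading zeros is an added assumption, made because some parsers read such octets as octal.

```python
# Added example: classful IPv4 parsing. Names are illustrative, not course code.

NETID_BITS = {"A": 8, "B": 16, "C": 24}  # netid width, class prefix bits included


def parse_dotted_decimal(text):
    """Return the address as a 32-bit integer, or raise ValueError."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets, got {len(parts)}: {text!r}")
    value = 0
    for part in parts:
        # Only plain ASCII digits: no signs, spaces, hex or empty fields.
        if not (part.isascii() and part.isdigit()):
            raise ValueError(f"bad octet {part!r} in {text!r}")
        # Assumption: reject leading zeros, since some parsers read "010" as octal.
        if len(part) > 1 and part[0] == "0":
            raise ValueError(f"leading zero in octet {part!r} of {text!r}")
        octet = int(part)
        if octet > 255:  # 2**8 - 1 is the largest value one octet can hold
            raise ValueError(f"octet {octet} exceeds 255 in {text!r}")
        value = (value << 8) | octet
    return value


def to_dotted(addr):
    """Render a 32-bit integer as dotted decimal."""
    return ".".join(str((addr >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(addr):
    """Classify by the leading bits of the first octet: 0, 10, 110, 1110, 1111."""
    first = addr >> 24
    if (first & 0x80) == 0x00:
        return "A"
    if (first & 0xC0) == 0x80:
        return "B"
    if (first & 0xE0) == 0xC0:
        return "C"
    if (first & 0xF0) == 0xE0:
        return "D"
    return "E"


def describe(text):
    """Parse an address and, for classes A to C, split netid from hostid."""
    addr = parse_dotted_decimal(text)
    cls = address_class(addr)
    info = {"address": to_dotted(addr), "class": cls}
    if cls in NETID_BITS:
        host_bits = 32 - NETID_BITS[cls]
        hostid = addr & ((1 << host_bits) - 1)
        info["netid"] = addr >> host_bits
        info["hostid"] = hostid
        info["network"] = to_dotted(addr - hostid)
        # hostid == 0 means the address names the network itself.
        info["is_network_address"] = hostid == 0
    return info


if __name__ == "__main__":
    # Addresses taken from the slides; the last one is the invalid example.
    for sample in ("128.10.2.30", "192.168.2.45", "256.75.301.116"):
        try:
            print(sample, "->", describe(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```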


Classless Routing

  • Class-based routing has limitations, as you can readily see

  • This has led to the development of Classless Internet Domain Routing, or CIDR, e.g.

    178.201.0.0/24

  • In today’s documents, addresses are usually stated in CIDR format


Reserved Addresses

  • First Quad=127 is used for loopback

    • Traffic doesn’t leave the computer

    • Routed to the IP input queue

    • Usually see 127.0.0.1

  • Unregistered addresses

    • Class A: 10.0.0.0 thru 10.255.255.255

    • Class B: 172.16.0.0 thru 172.31.255.255

    • Class C: 192.168.0.0 thru 198.168.255.255


The Future of IP

  • IPv4 has shortcomings that are becoming important for modern networking

  • The IETF’s solution is a new version of IP, Version 6, written as IPv6

    • Increased address space (128 vs. 32 bits)

    • Support for network autoconfiguration

    • Better support for routing

    • Better security support


IPv6 Issues

  • It is not backwards compatible with IPv4

    • Given the change in address space alone, how could it be?

    • Requires translator to go v4 → v6, and vice versa

  • Huge investment in installed IPv4 militates against rapid changeover

    • But the Defense Department is going there now

  • Network address translation (NAT) helps reduce need for new address space

  • Some services, like IPSec, now available for IPv4

  • Bottom line: changeover not likely to be quick except in defense applications


Ports and Sockets

  • Ports are associated with services, e.g.,

    • Port 53 is usually the domain name service (DNS)

    • Port 80 is usually the hypertext transfer protocol service

  • A socket is the combination of an IP address and a port, e.g. 192.168.2.45:80

  • Sockets enable multiple simultaneous services to run on a single address


Address Registration

  • Internet Corporation for Assigned Names and Numbers (ICANN) handles:

    • IP address space allocation

    • protocol parameter assignment

    • domain name system management

    • root server system management functions

  • Only essential to register addresses that appear on the global network, but registration is preferred


Routing


Protocols

  • A protocol is simply an agreed-upon exchange of information required to perform a given task

    • IP is a protocol

    • So is TCP

  • Networks utilize protocols to accomplish all the important tasks they perform

  • Layered protocols are common


ISO Protocol Model


Protocol Layering

  • Refers to a protocol running on top of another protocol

  • Layered protocols are designed so that layer n at the destination receives exactly the same object sent by layer n at the source


TCP/IP Layering Model

  • Application (application-specific messages/streams)

  • Transport (TCP packets)

  • Internet (IP datagrams)

  • Network Interface (Ethernet/Token Ring)

  • Hardware


Some Common Protocols

  • ARP maps IP addresses to physical addresses

  • RARP determines IP address at startup

  • IP provides for assured connectionless datagram delivery

  • ICMP handles error and control messages

  • UDP defines user datagrams (no assurance of delivery)

  • IKE handles crypto key management functions

  • TCP provides reliable stream transport


How Protocol Layering Works


Protocol Layering & Internet


Important Boundaries


TCP

  • Assumes little about underlying network

  • Reliable delivery characteristics:

    • Stream orientation

    • Virtual circuit connection

    • Buffered transfer

    • Unstructured stream

    • Full duplex connection


Positive Acknowledgement


Positive Acknowledgement With Lost Packet


Sliding Window


Positive ACK With Sliding Window


TCP

  • A communications protocol, NOT a piece of software

  • Provides

    • Data format

    • Data acknowledgement for reliable transfer

    • How to distinguish multiple destinations

    • How to set up and break down a session

  • Very complex


Conceptual TCP Layering


Internet Round Trip Delays

This data is old, but still meaningful if you ignore the absolute values of the delays.


Delays

  • Cannot be avoided or predicted (except statistically)

    • Packet delivery times will vary

    • Many packets will simply be lost

  • So, as a network designer...

    • How long do you wait to assume nondelivery?

    • How do you slide the window?

    • How do you back off on collision detect?

    • How do you respond to congestion?

    • …etc.


Establishing a TCP Session


Ending a TCP Session

This implies that a TCP session could be left “half open.” That is true.


TCP State Machine


Other Network Protocols

  • NetBIOS

  • NetBEUI

  • IPX

  • X.25

  • ATM

  • Message: TCP/IP is not the only show in town

BUT...it is the most popular show in town


Network Facts

  • Most computers today are connected to a network (consider the Internet), at least for part of the time they are in operation

  • Most local networks are internetworked

  • How to provide authenticity, integrity, confidentiality, availability?

  • Cryptography can help provide all the security services except availability


Network Summary--1

  • Security is a real need in real systems

  • Defense systems are particularly attractive targets

  • The issues involved cross the disciplines of computer science, engineering, and management

  • Several models can be visualized for the security mechanisms


Network Summary--2

  • Networks and internetworking have become ubiquitous

  • Networking allows interconnection of computers without much concern for the local OS or machine architecture

  • Networking raises many serious security issues, which must be solved for networks to be useful in modern business settings

  • The pace of network security problem development far exceeds the pace of their solution


Cryptography Primer


Overview of the Cryptology Field


Types of Cryptosystems

  • Symmetric key

    • Since times B.C.E. to today

    • Also called private key, which has become confusing

  • Asymmetric key

    • Invented in 1976

    • Also called public key systems

  • Hybrid Systems


The Players

  • Alice: commonly used to denote the sender of cryptographic traffic

  • Bob: commonly used to indicate the recipient of that traffic

  • Eve: an eavesdropper

  • Oscar: a generalized “bad guy”


Symmetric Key Cryptosystems

  • Problem Statement: Alice and Bob want to communicate over an unsecured channel (e.g., computer network, satellite link). They want to prevent Oscar (the bad guy) from listening.

  • Solution: Use of private-key cryptosystems (these have been around since ancient times) such that if Oscar reads the encrypted version y of the message x over the unsecured channel, he will not be able to understand its content, since what he sees is y and not the message x that was really sent.


Symmetric Key Cryptography

[Diagram labels: Alice, Bob, Alice’s message, shared private key (at both ends)]


Enigma

Perhaps the most famous cipher machine in history.

This is an early model. Later test versions had as many as five rotors. Standard Kriegsmarine machines had four rotors after about 1943.

Enigma was a tactical machine -- designed for battlefield use.

Even today, Enigma would provide excellent security…IF no errors occurred on the part of the operators.


Sigaba

Similar in theory to Enigma.

Designed for strategic (fixed station) use; note direct punching of teletypewriter paper tape for transmission.


Symmetric Key Cryptosystems


Definitions


Kerckhoffs’ Principle

  • Secrecy must reside solely in the key

    • It is assumed that the attacker knows the complete details of the cryptographic algorithm and implementation

  • A. Kerckhoffs was a 19th century Dutch cryptographer

  • Ergo, Security by obscurity doesn’t work!


Enigma and Sigaba

  • Illustrate the validity of Kerckhoffs’ principle

  • Even when cryptanalysts were armed with a nearly perfect replication of the Enigma logic, brute-force keyspace search was useless for providing practical results

  • The key needed to be discovered!

WPI


Simple block ciphers

Simple Block Ciphers

WPI


Other crypto systems

Other Crypto Systems

  • Substitution ciphers

    • Most famous is the Caesar cipher: monoalphabetic substitution with offset = 3

    • Transposition ciphers in this group

    • Children’s decoders usually in this category

  • Book ciphers

  • Codebooks

WPI


Problem areas

Problem Areas

  • Languages have well-known statistics

    • E.g., “e” is most common letter in English

    • This can be exploited for cryptanalysis

    • Thus, substitution ciphers are not very secure

    • Similar problems plague book ciphers, etc.

  • The only way to achieve true security is to make the ciphertext appear as random as possible

WPI


Modern cryptography uses electronic digital systems

Modern Cryptography Uses Electronic Digital Systems

  • Advantages:

    • Speed

    • Accuracy

    • Ability to use complex mathematics

  • Disadvantages

    • Complex equipment

    • Electronic vulnerabilities

    • Key management

WPI


Symmetric ciphers

Symmetric Ciphers

  • Same code at each end

  • Important that message length < cipher length

  • Billions of combinations possible

  • Codes changed frequently

  • Each circuit requires a code pair

WPI


Cipher example mauborgne vernam

Cipher Example (Mauborgne/Vernam)

Encipher

Plain:  001 010 011 100
+key:   111 011 010 101
Cipher: 110 001 001 001

Decipher

Cipher: 110 001 001 001
+key:   111 011 010 101
Plain:  001 010 011 100

The ciphertext is simply the plain text added to the key, modulo 2. This is a reversible process, as seen above.

WPI


How to achieve good cryptography

How to Achieve Good Cryptography?

  • Well-reviewed algorithms

    • So weaknesses cannot “hide” until after implementation

  • Excellent key generation & management

    • To maintain secrecy of the key

  • Algorithms that are sufficiently complex so as to not permit feasible exhaustive attacks

WPI


Feistel ciphers characteristics

Feistel Ciphers: Characteristics

  • Special class of iterated block ciphers

  • Ciphertext calculated from plaintext by repeated application of the same transformation or round function

  • Encryption and decryption are structurally identical (subkey order reversed for decryption)

  • Fast, even in software implementation

  • Easily analyzed (i.e., deficiencies more readily found by analysis)

WPI


Feistel ciphers in operation

Feistel Ciphers in Operation

  • Plaintext split into two halves

  • Round function f is applied to one half using a subkey

  • Output of f is XOR’d with the other half of the plaintext

  • Two halves are swapped

  • Process repeated for n rounds

  • No swap after last round

WPI


Des feistel applied

DES: Feistel Applied

  • DES: Data Encryption Standard

  • Formal specification -- FIPS PUB 46-3, last affirmed 25 October 1999 http://www.csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf

  • Describes two cryptographic algorithms

    • DES

    • TDEA (commonly referred to as 3DES)

  • DES based on IBM Lucifer cipher of 1974

WPI


Des characteristics

DES Characteristics

  • 64-bit block cipher

  • 56-bit key, with additional 8 bits used for error checking (odd parity on each byte)

  • Four operating modes (not unique to DES)

    • Electronic Codebook (ECB)

    • Cipher Block Chaining (CBC)

    • Cipher Feedback (CFB)

    • Output Feedback (OFB)

WPI


Subkey generation

Subkey Generation

  • Creating the subkeys in a Feistel cipher has a major effect on the overall security of the algorithm

    • Possible to create weak keys

    • Changes in the subkey algorithm can result in effectively different realizations of the algorithm

  • DES is based on Feistel rounds, and uses a complex method of subkey generation

WPI


Des enciphering computation

DES Enciphering Computation

Feistel round

WPI


Initial permutation

Initial Permutation

WPI


Cipher function f r n k n

Cipher Function, f(Rn,Kn)

WPI


How can this happen

How Can This Happen?

  • Turn 32-bit plaintext into 48-bit output

  • Add to 48-bit key

  • Get 32-bit output

?

WPI


Details

Details

  • E-function takes the input to the Feistel round and expands it to 48 bits

  • S boxes (for substitution) permute bits to produce the proper output

  • Inverse permutation ($IP^{-1}$) restores bit order after the 16 Feistel rounds

WPI


S box example

S-box Example

WPI


Key scheduling

Key Scheduling

WPI


Principal operating modes fips pub 81

Principal Operating Modes (FIPS PUB 81)

  • Electronic Code Book (ECB)

    • Encrypts one block at a time with selected key

    • Vulnerability: repeated plaintext can reveal key, and then all cipher blocks can be decrypted

  • Cipher Block Chaining (CBC)

    • Input to each block is the output of the previous block XOR’d with the next plaintext block

    • Initial block XOR’d with an Initialization Vector (IV)

WPI


Ece579s computer network security

ECB

WPI


Ece579s computer network security

CBC

WPI


Additional modes 1

Additional Modes -1

  • Cipher Feedback Mode

    • previous ciphertext block encrypted and output XOR’d with plaintext block to produce current ciphertext block

    • can use feedback that is less than one full data block

    • initialization vector used as “seed” for the process.

WPI


Ece579s computer network security

CFB

WPI


Additional modes 2

Additional Modes -2

  • Output Feedback Mode (OFB)

    • similar to CFB mode except data XOR’d with each plaintext block is generated independently of both the plaintext and ciphertext

    • initialization vector $s_0$ used as “seed” for a sequence of data blocks $s_i$

    • each data block $s_i$ derived from encryption of the previous data block $s_{i-1}$
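The two feedback modes above, as an added example (not code from the original slides). The keyed function `E` is an assumed stand-in built from SHA-256 rather than DES, which is sufficient here because CFB and OFB only ever call the cipher's encrypt direction; all names and sample values are constructed.

```python
import hashlib

BLOCK = 8  # bytes: 64-bit blocks, as in DES


def E(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's encrypt direction (assumption:
    a keyed hash, not DES). Neither mode ever needs the decrypt direction."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Previous ciphertext block is encrypted and XOR'd with the data block."""
    out, feedback = [], iv
    for blk in blocks(data):
        res = xor(blk, E(key, feedback))
        feedback = blk if decrypt else res   # feedback is always ciphertext
        out.append(res)
    return b"".join(out)


def ofb(key: bytes, iv: bytes, data: bytes) -> bytes:
    """s_i = E(s_{i-1}) with s_0 = IV; same function encrypts and decrypts."""
    out, s = [], iv
    for blk in blocks(data):
        s = E(key, s)            # independent of plaintext and ciphertext
        out.append(xor(blk, s))
    return b"".join(out)


def damaged_blocks(decrypt_fn, key, iv, plaintext, ciphertext, hit=1):
    """Flip one bit in ciphertext block `hit`; list the plaintext blocks hurt."""
    bad = bytearray(ciphertext)
    bad[hit * BLOCK] ^= 0x01
    got = decrypt_fn(key, iv, bytes(bad))
    return [i for i, (a, b) in enumerate(zip(blocks(plaintext), blocks(got)))
            if a != b]


if __name__ == "__main__":
    key, iv = b"constructed key", b"\x00" * BLOCK        # sample values
    msg = b"block-00block-01block-02block-03"            # four 8-byte blocks
    c_cfb, c_ofb = cfb(key, iv, msg), ofb(key, iv, msg)
    print("CFB damaged:", damaged_blocks(
        lambda k, v, d: cfb(k, v, d, decrypt=True), key, iv, msg, c_cfb))
    print("OFB damaged:", damaged_blocks(ofb, key, iv, msg, c_ofb))
```

In CFB the damaged ciphertext block is fed back into the next step, so the error spreads to the following block; in OFB the keystream never depends on the ciphertext, so the damage stays in one block.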

WPI


Ece579s computer network security

OFB

WPI


Importance of des

Importance of DES

  • Ubiquitous, U.S. federal standard

  • When standardized, 56-bit key made cipher computationally secure

    • This is no longer the case

    • DES has been broken using brute force attacks in hours, using desktop PCs

  • Immediate fix: Triple Data Encryption Algorithm (or Triple DES, 3DES)

WPI


Ece579s computer network security

TDEA

Encryption

Decryption

WPI


Tdea realities

TDEA Realities

  • Two keying options

    • Three separate keys (as shown on the previous slide)

    • Two keys; EK1 = EK3

    • Resultant key lengths of 168 or 112 bits

  • For mathematical reasons we won’t go into here, 3-key TDEA is only about twice as secure as DES, not 3 times as secure

  • Implemented in hardware, 3-key TDEA can achieve throughputs approaching 1 Gbps

WPI


Tdea advantages

TDEA Advantages

  • Thoroughly analyzed, unlikely to have any hidden vulnerabilities

  • Much less vulnerable to brute force attack than DES

  • Can be implemented in silicon, with very fast throughput

WPI


Tdea disadvantages

TDEA Disadvantages

  • Algorithm produces slow software implementations

  • Limited to 64-bit block size

  • Trebles the key distribution problem of DES

WPI


Des decryption

DES Decryption

  • As DES is a Feistel cipher, decryption uses the same engine as does encryption

  • For decryption:

    • The DES engine is precisely the same as the encryption engine -- it is not run in reverse (e.g. with the input coming in the “bottom”)

    • Instead, the key schedule is run in reverse; i.e. the first subkey used is K16, then K15, etc., finishing with K1

WPI


Des mathematics

DES Mathematics

  • Only two functions used

    • XOR

    • Data permutation or shifting

  • At the heart of the DES engine, inside the f-box, is a Vernam cipher machine!

  • Vernam, by itself, is insecure. What makes DES secure?

WPI


Symmetric crypto keys

Symmetric Crypto Keys

  • Ideally, are purely random numbers

  • This is possible because:

    • The keys are prepositioned at each end

    • Random numbers can be generated by capturing stellar noise, diode shot noise, etc.

    • The parties need only agree on where in the key stream to start

    • The key does not have to obey any mathematical function other than randomness

  • Many implementations use pseudo-random numbers, which are not truly random

WPI


Aes the next generation

AES: The Next Generation

  • Advanced Encryption Standard (FIPS PUB 197)

    • Established to counter weaknesses of DES

    • Adopted as U. S. standard November 26, 2001

    • Became effective May 26, 2002

    • Based on Rijndael algorithm

      • Joan Daemen and Vincent Rijmen, Belgians, authors

    • Key lengths of 128, 192, and 256 bits

    • Block size of 128 bits

WPI


Rijndael structure

Rijndael Structure

  • Rijndael is not a Feistel cipher; rather, it uses substitution boxes

  • “...typically part of the bits of the intermediate state are simply transposed unchanged to another position”

  • “...[each] round transformation is composed of three distinct invertible uniform transformations”

WPI


Aes future

AES’ Future

  • Clearly intended to replace DES & TDEA

  • Designed for efficient software implementation

  • Not yet as thoroughly analyzed as DES

  • Many implementations on the market

  • Probably a long coexistence of TDEA & AES

WPI


Breaking symmetric ciphers

Breaking Symmetric Ciphers

  • Brute force

    • Inelegant, but sometimes effective if enough computing power can be brought to bear

    • If cipher is complex enough, this doesn’t work

  • Exploit errors

    • Same message enciphered in two codes

    • Plaintext attack

    • Exploit operator errors

WPI


Brute force attacks on symmetric cryptosystems

Brute Force Attacks on Symmetric Cryptosystems

Assume a number N, having L decimal digits.

Now posit a computer capable of $10^{10}$ divisions/second.

The computer can factor any N, using the trial division method, in approximately $N^{0.5}/10^{10}$ seconds.

If N has 100 digits, this process will require approximately $10^{40}$ seconds.

However, the currently estimated age of the Universe is only approximately $3.8 \times 10^{17}$ seconds!

WPI


Key types

Key Types

  • Permanent

    • Used for a fixed, prearranged period of time

    • Typically used for applications such as key distribution, government communications, etc.

  • Session

    • Valid only for current communications session

    • Destroyed after session terminates

WPI


Key distribution problem

Key Distribution Problem

  • Secret keys must be prepositioned at all locations before secure communications can occur.

  • How to do this?

    • Secure physical transport

    • Secure electronic transport

      • The search for a way to accomplish this led to the development of public key cryptography, which we will look at next

WPI


Asymmetric ciphers

Asymmetric Ciphers

  • Also known as public key cryptography

  • Until Diffie-Hellman in 1976, this concept was heretical. It is still counterintuitive.

  • Key has two parts

    • Public: everybody knows or can know

    • Private: only holder knows

  • Based on large prime numbers

WPI


Asymmetric cryptography

Asymmetric Cryptography

[Figure: Alice and Bob; labels: Bob’s public key, Alice’s message, Bob’s private key]

WPI


Curious public key properties

Curious Public Key Properties

  • The encryption function is one-way

  • The encryption process is fungible

    • Can encrypt with public key and decrypt with private key, and vice versa

  • So what?

    • How about using this approach to sign documents?

    • Can a signed document be used for authentication?

WPI


The original goal

The Original Goal

  • Diffie and Hellman did not set out to invent a new kind of cryptography

  • The goal was to find a way to establish symmetrical session keys without prior placement of the keys by some other means

    • i.e. to solve the key distribution problem

  • This is still the primary use of the D-H exchange

WPI


But then

But then...

  • Diffie-Hellman key exchanges proved immensely useful

  • Others found that there were other uses for this general crypto principle, and algorithms were developed for encrypting data

    • RSA

    • El Gamal

    • etc.

WPI


Something different

Something Different

  • Clearly, asymmetric crypto differs in a basic way from symmetric crypto

    • The keys are mathematically related, and cannot be purely random numbers

    • The algorithms are quite different from the universe of Feistel ciphers and S-boxes

  • Is this a replacement for symmetric crypto, or a complement to it?

WPI


Asymmetric crypto properties

Asymmetric Crypto Properties

  • The encryption function is one-way

  • The encryption process is fungible

    • Can encrypt with public key and decrypt with private key, and vice versa

  • So what?

    • Could this approach be used to sign documents?

    • Can a signed document be used for authentication?

WPI


How does it work

How Does It Work?

  • Asymmetric cryptography is based on modulus arithmetic

  • Modulus arithmetic makes it computationally infeasible to recover the number whose modulus is stated, provided certain conditions are met

  • You can cheat: the Windows calculator has a modulus arithmetic mode

WPI


Diffie hellman key exchange 1

Diffie-Hellman Key Exchange-1

  • Alice and Bob agree on a large prime n and on g, where g is primitive mod n. These need not be kept secret

  • Alice chooses a large random integer x and sends to Bob: $X = g^x \bmod n$

  • Bob chooses a large random integer y and sends to Alice: $Y = g^y \bmod n$

  • NB: x and y are never transmitted

WPI


Diffie hellman key exchange 2

Diffie-Hellman Key Exchange-2

  • Alice computes $k = Y^x \bmod n$

  • Bob computes $k' = X^y \bmod n$

  • But $k = k' = g^{xy} \bmod n$

  • Therefore, Bob and Alice now have a secret key, k, that they can share for communications

  • Eavesdroppers know only n, g, X, and Y, not x or y, which are required to compute k

WPI


Diffie hellman security

Diffie-Hellman Security

  • D-H security depends on the difficulty of factoring large numbers (size of n)

  • It is computationally infeasible to recover x and y from the data known to an eavesdropper by any means other than exhaustive key search

  • Caveats

    • n must be large

    • ((n-1)/2) should also be prime

    • g can be small -- even one digit
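The exchange from the two preceding slides together with the caveats above turned into a parameter check, as an added example (not code from the original slides). Function names are hypothetical, and the 64-bit group is a toy size chosen so the search runs instantly.

```python
import secrets


def is_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases: deterministic for 64-bit n; for much
    larger n treat it as a probabilistic test."""
    if n < 2:
        return False
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in small:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def check_params(n: int, g: int, min_bits: int = 2048) -> bool:
    """The slide's caveats: n large, n and (n-1)/2 prime, g primitive mod n."""
    q = (n - 1) // 2
    # n - 1 = 2q, so g is primitive iff g is not +/-1 and g^q != 1 (mod n)
    return (n.bit_length() >= min_bits and is_prime(n) and is_prime(q)
            and 1 < g < n - 1 and pow(g, q, n) != 1)


def make_group(bits: int = 64):
    """Search upward for a prime n with (n-1)/2 prime, then a small g."""
    n = (1 << (bits - 1)) | 1
    while not (is_prime(n) and is_prime((n - 1) // 2)):
        n += 2
    g = next(c for c in range(2, 100) if check_params(n, c, min_bits=bits))
    return n, g


def exchange(n: int, g: int):
    x = secrets.randbelow(n - 3) + 2     # Alice's secret, never transmitted
    y = secrets.randbelow(n - 3) + 2     # Bob's secret, never transmitted
    X = pow(g, x, n)                     # Alice -> Bob
    Y = pow(g, y, n)                     # Bob -> Alice
    wire = {"n": n, "g": g, "X": X, "Y": Y}   # everything an eavesdropper sees
    return pow(Y, x, n), pow(X, y, n), wire   # k (Alice), k' (Bob), traffic


if __name__ == "__main__":
    n, g = make_group(64)                # toy size, for demonstration only
    k_alice, k_bob, wire = exchange(n, g)
    print(wire, k_alice == k_bob)
```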

WPI


Diffie hellman drawbacks

Diffie-Hellman Drawbacks

  • Slow!

    • Computationally intensive

    • Requires several communications exchanges

  • Example:

    • Using D-H to set up a session key in a cellular telephone could take nearly one minute!

  • So, other key exchange protocols have been established that are more efficient

WPI


Asymmetric crypto uses

Asymmetric Crypto Uses?

  • Only good for key exchange?

  • As it turns out, NO

    • Other algorithms useful for providing data secrecy, like symmetric cryptography

    • Can be used to provide

      • confidentiality

      • integrity

      • authenticity

WPI


Rsa encryption algorithm

RSA Encryption Algorithm

  • Ron Rivest, Adi Shamir, Len Adleman

    • First published 1978, from MIT

    • Block cipher, asymmetric key

    • Plain and cipher texts are integers between 0 and n-1, for some n that is part of the keys

  • Like all asymmetric key systems, RSA depends for security on the difficulty of factoring large numbers

    • There is a problem here

WPI


Rsa mechanics

RSA Mechanics

  • C = ciphertext

    • $C = M^e \bmod n$

  • M = plaintext

    • $M = C^d \bmod n = (M^e)^d \bmod n = M^{ed} \bmod n$

  • Both parties know n, e

  • Only the receiving party knows d

WPI


Therefore

Therefore...

  • Public key: KU = {e,n}

  • Private key: KR = {d,n}

  • Requirements for this to work:

    • e, d, n exist such that $M^{ed} = M \bmod n$ for all M < n

    • Easy to calculate $M^e$ and C for M < n

    • Infeasible to calculate d given e, n

      • Computationally secure if e, n sufficiently large

WPI


Important definitions

Important Definitions

  • Euler’s totient function, $\phi(n)$

    • Defined as the number of positive integers < n and relatively prime to n

    • Can show that if n = pq, $\phi(n) = (p-1)(q-1)$

  • Relatively prime numbers

    • a and b (integers) are relatively prime if they have no prime factors in common

      • i.e. only common prime factor is unity

WPI


Rsa example

RSA Example

  • Select two primes: p = 7, q = 17

  • Calculate n = pq = 7 x 17 = 119

  • Calculate (n) = (p-1)(q-1) = 6 x 16 = 96

  • Select e relatively prime to & less than (n)

    • In this example e = 5

  • Calculate d = e-1 mod (n) = 77

  • KU = {5, 119} KR = {77, 119}

This bit is

perhaps unclear

Public key Private key

WPI


Another view

Another View

  • d = e-1 mod (n) looks difficult, as e-1< 1

  • Multiply both sides by e, which gives

    de = 1 mod (n), where (n) = 96 in this case

  • e has been selected as being 5, therefore we must now find the value for d that satisfies the above equation

  • 77 is that value, as 5 x 77 = 1 mod 96

    77 x 5 = 385 = 4 x 96 + 1

WPI


Rsa encrypt decrypt

RSA Encrypt/Decrypt

  • Using KU, KR we have calculated, let M=19 (plaintext)

    • KU = {5, 119} KR = {77, 119}

  • Encryption:

    • $M^e \bmod n = 19^5 \bmod 119 = 66 = C$ (ciphertext)

  • Decryption

    • $C^d \bmod n = 66^{77} \bmod 119 = 19 = M$ (plaintext)

  • Q.E.D.

Public key e , n Private key d, n
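The worked RSA example from the last few slides as an added example (not code from the original slides), using the slides' own numbers p = 7, q = 17, e = 5, M = 19. Function names are hypothetical. The last function shows why an n this small protects nothing: since security rests on the difficulty of factoring n, anyone who can factor it can rebuild d.

```python
from math import gcd, isqrt


def egcd(a: int, b: int):
    """Extended Euclid: returns (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t


def make_keys(p: int, q: int, e: int):
    """Return (KU, KR) = ({e, n}, {d, n}) following the slide's steps."""
    n, phi = p * q, (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must be relatively prime to and less than phi(n)")
    d = egcd(e, phi)[1] % phi        # the d that satisfies d*e = 1 mod phi(n)
    return (e, n), (d, n)


def apply_key(m: int, key) -> int:
    """C = M^e mod n with KU, or M = C^d mod n with KR."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must be an integer between 0 and n-1")
    return pow(m, exponent, n)


def holds_for_all_messages(ku, kr) -> bool:
    """The stated requirement: M^(ed) = M mod n for every M < n."""
    return all(apply_key(apply_key(m, ku), kr) == m for m in range(ku[1]))


def recover_private_key(ku):
    """With a toy modulus, trial division finds p and q, and d follows."""
    e, n = ku
    p = next(f for f in range(2, isqrt(n) + 1) if n % f == 0)
    return make_keys(p, n // p, e)[1]


if __name__ == "__main__":
    ku, kr = make_keys(7, 17, 5)
    c = apply_key(19, ku)
    print(ku, kr, c, apply_key(c, kr), recover_private_key(ku))
```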

WPI


Rsa importance

RSA Importance

  • Together with Diffie-Hellman, RSA is the most widely used asymmetric key algorithm

  • RSA was patented by its inventors, but the patents expired in 2000

  • RSA is now freely usable by anyone, and is widely incorporated into common products, such as web browsers, VPN devices, etc.

WPI


Breaking rsa

Breaking RSA

  • Discover the private key, d

    • Easy to do if p and q, factors of n, are known

    • Hard part is factoring n

    • Factoring 200-digit n has been done

  • Find e-th roots mod n

    • Not known to be equivalent to factoring

    • No general methods known

  • Brute force key search

WPI


Practical rsa security

Practical RSA Security

  • Choose a sufficiently large n

    • 200 digits ≈ 663 bits, which has been factored

      • 9 May 2005, Jens Franke, et al., Univ. of Bonn

    • So, choose n > 1000 bits (1024, 2048, 4096)

    • Evaluate how long security is required, as longer keys require more computation, and are therefore slower to encrypt/decrypt

  • Guard the private key carefully!

WPI


Why do we want to do this

Why Do We Want to Do This?

  • Symmetric cryptography is fast

  • Asymmetric cryptography is slow

    • As much as 1000X slower than symmetric

  • Therefore, we want to use the slow asymmetric crypto -- which does not require prepositioning of keys -- to create and/or exchange symmetric session keys so that data can be exchanged quickly

WPI


Crypto summary

Crypto Summary

  • Both symmetric and asymmetric crypto have their uses in communications

  • Symmetric keys can be purely random, but asymmetric keys are mathematically related

  • Symmetric crypto is much faster than asymmetric, which leads to combining the types in practical applications

WPI


Homework

Homework

  • Read Bishop, Chapters 9 & 11

  • Prove that decryption in a Feistel cipher can be done by applying the encryption algorithm to the ciphertext, with the key schedule reversed.

  • Suppose a sequence of plaintext blocks, $x_1 \dots x_n$, yields the ciphertext sequence $y_1 \dots y_n$. Suppose that one ciphertext block, say $y_i$, is transmitted incorrectly. Show that the number of plaintext blocks that will be decrypted incorrectly is equal to one in ECB or OFB modes, and equal to two if CBC or CFB modes are used.

WPI

