1 / 85

Chapter 8: 网络安全

目标 : 理解网络安全基本原理 : 密码学基础 认证 完整性 密钥分配 实际中的安全 : 防火墙 网络体系结构中不同层的安全. Chapter 8: 网络安全. Chapter 8 内容. 8.1 什么是网络安全 ? 8.2 密码学基础 8.3 认证 8.4 完整性 8.5 密钥分配和证书 8.6 接入控制 : 防火墙 8.7 攻击和对策 8.8 网络体系结构不同层的安全. 什么是网络安全 ?. 保密性 : 只有发送方和意定的接收方能够理解消息的内容 发送方加密消息 接收方解密消息 认证 : 发送方、接收方需要确认彼此的身份

mayten
Download Presentation

Chapter 8: 网络安全

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 目标: 理解网络安全基本原理: 密码学基础 认证 完整性 密钥分配 实际中的安全: 防火墙 网络体系结构中不同层的安全 Chapter 8: 网络安全 8: Network Security

  2. Chapter 8 内容 8.1 什么是网络安全? 8.2密码学基础 8.3认证 8.4完整性 8.5密钥分配和证书 8.6接入控制: 防火墙 8.7攻击和对策 8.8网络体系结构不同层的安全 8: Network Security

  3. 什么是网络安全? 保密性:只有发送方和意定的接收方能够理解消息的内容 • 发送方加密消息 • 接收方解密消息 认证:发送方、接收方需要确认彼此的身份 消息完整性:发送方、接收方需要确保消息没有在无察觉情况下被改变 接入控制和可用性:用户必须能够接入并享用其应得的服务 8: Network Security

  4. 朋友和敌人: Alice, Bob, Trudy • 网络安全界的名人 • Bob, Alice (lovers!) 需要”安全”通信 • Trudy (攻击者) 可以截获、删除、增加消息 Alice Bob data, control messages channel secure sender secure receiver data data Trudy 8: Network Security

  5. Bob, Alice 在实际中可能是谁? • … 首先, 实际生活中叫做Bobs 和 Alices的人 • Web 浏览器/服务器 进行电子交易 (e.g., 在线购物) • 在线银行的 client/server • DNS 服务器 • 路由器 交换路由表更新消息 • 其它例子? 8: Network Security

  6. 坏家伙! Q:坏家伙可以做什么? A:许多! • 窃听 • 消息注入 • 假冒 • 劫持: • 拒绝服务 more on this later …… 8: Network Security

  7. Chapter 8 内容 8.1 什么是网络安全? 8.2 密码学基础 8.3认证 8.4完整性 8.5密钥分配和证书 8.6接入控制: 防火墙 8.7攻击和对策 8.8网络体系结构不同层的安全 8: Network Security

  8. K K A B 密码学术语 Alice’s 加密密钥 Bob’s 解密密钥 对称钥密码学: 发送方、接收方的密钥相同 公钥密码学: 公开的加密密钥, 秘密的解密密钥 encryption algorithm 密文 decryption algorithm 明文 明文 8: Network Security

  9. 对称钥密码学 替换密码: substituting one thing for another • 单表密码: 用一个字母代替另外一个 明文表: abcdefghijklmnopqrstuvwxyz 密文表: mnbvcxzasdfghjklpoiuytrewq 例.: 明文: bob. i love you. alice 密文: nkn. s gktc wky. mgsbc • Q:破解该密码的难度?: • 强力破解 (多难?) • 其它方式? 8: Network Security

  10. K K A-B A-B K (m) m = K ( ) A-B A-B 对称钥密码学 对称钥密码学: Bob 和 Alice 共享密钥: K • 例., 在单表密码中,密钥就是明文表和密文表进行替换的模式 • Q: Bob 和 Alice 如何共享密钥? 加密 算法 解密 算法 密文 明文 明文,m K (m) A-B A-B 8: Network Security

  11. 对称密钥加密算法: DES DES: 数据加密标准 • US 加密标准 [NIST 1993] • 56-bit 对称密钥, 64-bit 分组长度 • DES的安全性? • DES 挑战: 56-bit-密钥加密的短语 (“Strong cryptography makes the world a safer place”) 在强力破解下历经4个月 • 不存在已知的快速解密方法 • 使得DES更加安全: • 对每个数据块依次使用三次DES算法:加密-解密-加密 • 使用CBC模式 8: Network Security

  12. DES 操作 对称密钥算法: DES 初始置换 16 轮函数变换, 每一轮使用不同的48比特密钥 置换 8: Network Security

  13. AES: 高级加密标准 • 2001年11月NIST公布的对称密钥加密标准,用于取代 • 分组长度为128比特 • 128, 192, or 256 bit 密钥 • 如果蛮力破解DES需要1 sec ,那么破解AES需要149 trillion years 8: Network Security

  14. 公钥密码学 对称钥密码学 • 需要发送方和接收方预先知道共享的密钥 • Q: 共享密钥如何生成 (特别是两个人不会碰面的情况)? 公钥密码学 • 密码学发展的新方向 [Diffie-Hellman76, RSA78] • 发送方和接收方不共享密钥 • 公开的加密密钥任何人都可以知道 • 私有的解密密钥只有接收方知道 8: Network Security

  15. + K (m) B - + m = K (K (m)) B B 公钥密码学 + Bob’s 公钥 K B - Bob’s 私钥 K B 加密算法 解密算法 明文消息 密文 明文消息M 8: Network Security

  16. K (K (m)) = m B B - + 2 1 公钥加密算法 需求: : need K ( ) and K ( ) such that . . + - B B + given public key K , it should be impossible to compute private key K B - B RSA: Rivest, Shamir, Adelson algorithm 8: Network Security

  17. + - K K B B RSA: 密钥设定 1.选择两个大素数 p, q. (e.g., 1024 bits each) 2.计算 n = pq, z = (p-1)(q-1) 3.选择 e (with e<n)与z互素 4.选择 d使得 ed mod z = 1 ). 5.Public key is (n,e).Private key is (n,d). 8: Network Security

  18. 1.加密消息, m, 计算 d e m = c mod n c = m mod n e (i.e., remainder when m is divided by n) d e m = (m mod n) mod n RSA: 加密, 解密 0. Given (n,e) and (n,d) as computed above 2.解密密文, c, 计算 d (i.e., remainder when c is divided by n) Magic happens! c 8: Network Security

  19. d e m = c mod n c = m mod n d c RSA 示例: Bob 选择 p=5, q=7. Then n=35, z=24. e=5 (so e, z relatively prime). d=29 (so ed-1 exactly divisible by z. e m m letter encrypt: l 17 1524832 12 c letter decrypt: 17 12 l 481968572106750915091411825223071697 8: Network Security

  20. e d ed (m mod n) mod n = m mod n ed mod (p-1)(q-1) 1 = m = m mod n = m mod n y y mod (p-1)(q-1) d e x mod n = x mod n m = (m mod n) mod n RSA: Why is that 数论基础: If p,q素数,并且n = pq, 那么: (using number theory result above) (since we choseed to be divisible by (p-1)(q-1) with remainder 1 ) 8: Network Security

  21. K (K (m)) = m - B B + K (K (m)) - + = B B RSA: 另外一个重要的属性 The following property will be very useful later: use private key first, followed by public key use public key first, followed by private key Result is the same! 8: Network Security

  22. Chapter 8 内容 8.1 什么是网络安全? 8.2 密码学基础 8.3 认证 8.4完整性 8.5密钥分配和证书 8.6接入控制: 防火墙 8.7攻击和对策 8.8网络体系结构不同层的安全 8: Network Security

  23. 认证:使用明文 Goal: Bob希望Alice能够向Bob证明Alice的身份 Protocol ap1.0:Alice says “I am Alice” “I am Alice” Failure scenario?? 8: Network Security

  24. 认证:使用明文 Goal: Bob希望Alice能够向Bob证明Alice的身份 Protocol ap1.0:Alice says “I am Alice” in a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice “I am Alice” 8: Network Security

  25. Alice’s IP address “I am Alice” 认证:使用IP地址 Protocol ap2.0:Alice says “I am Alice” in an IP packet containing her source IP address Failure scenario?? 8: Network Security

  26. Alice’s IP address “I am Alice” 认证:使用IP地址 Protocol ap2.0:Alice says “I am Alice” in an IP packet containing her source IP address Trudy can create a packet “spoofing” Alice’s address 8: Network Security

  27. Alice’s password Alice’s IP addr “I’m Alice” Alice’s IP addr OK 认证:使用口令 Protocol ap3.0:Alice says “I am Alice” and sends her secret password to “prove” it. Failure scenario?? 8: Network Security

  28. Alice’s password Alice’s IP addr “I’m Alice” Alice’s IP addr OK 认证:使用口令 Protocol ap3.0:Alice says “I am Alice” and sends her secret password to “prove” it. Alice’s password Alice’s IP addr “I’m Alice” playback attack: Trudy records Alice’s packet and later plays it back to Bob 8: Network Security

  29. encrypted password Alice’s IP addr “I’m Alice” Alice’s IP addr OK 认证: 加密的口令 Protocol ap3.1:Alice says “I am Alice” and sends her encryptedsecret password to “prove” it. Failure scenario?? 8: Network Security

  30. encrypted password Alice’s IP addr “I’m Alice” Alice’s IP addr OK 认证: 加密的口令 Protocol ap3.1:Alice says “I am Alice” and sends her encrypted secret password to “prove” it. encrypted password Alice’s IP addr “I’m Alice” record and playback still works! 8: Network Security

  31. K (R) A-B 认证:使用Nonce+对称密钥加密 Goal:避免重放攻击 Nonce:一次性随机数 ap4.0:to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key “I am Alice” R Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice! Failures, drawbacks? 8: Network Security

  32. - K (R) A + + K K A A - - + (K (R)) = R K (K (R)) = R A A A 认证: 使用Nonce+数字签名 ap4.0 需要共享密钥 • can we authenticate using public key techniques? ap5.0: use nonce, public key cryptography “I am Alice” Bob computes R and knows only Alice could have the private key, that encrypted R such that “send me your public key” 8: Network Security

  33. - - K (R) K (R) A T + + K K A T - - + + m = K (K (m)) m = K (K (m)) + + A T A T K (m) K (m) A T ap5.0: 安全缺陷 Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) I am Alice I am Alice R R Send me your public key Send me your public key Trudy gets sends m to Alice encrypted with Alice’s public key 8: Network Security

  34. ap5.0: 安全缺陷 Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice) • Difficult to detect: • Bob receives everything that Alice sends, and vice versa. (e.g., so Bob, Alice can meet one week later and recall conversation) • problem is that Trudy receives all messages as well! 8: Network Security

  35. Chapter 8 内容 8.1 什么是网络安全? 8.2 密码学基础 8.3 认证 8.4 完整性 8.5密钥分配和证书 8.6接入控制: 防火墙 8.7攻击和对策 8.8网络体系结构不同层的安全 8: Network Security

  36. 类似于手写签名的密码技术 发送方 (Bob) 数字签署某份文档,例如例如Bob是某封邮件的发送着,可以数字签署该邮件,让别人相信该邮件确实是Bob发送的. 可验证, 不可否认:接收方 (Alice) 可以向其它人证明“ Bob曾经签署过这样一份文档,例如Bob曾经发送过某封邮件 数字签名 8: Network Security

  37. 消息 m的简单数字签名: Bob 使用它的私钥KB运行签名算法来签署m,该签名算法可以类似RSA加密,只不过用的是私钥 KB(m) - - K K B B 数字签名 - - Bob’s private key Bob’s message, m (m) Dear Alice Oh, how I have missed you. I think of you all the time! …(blah blah blah) Bob Bob’s message, m, signed (encrypted) with his private key Public key encryption algorithm 8: Network Security

  38. Suppose Alice receives msg m, digital signature KB(m) Alice verifies m signed by Bob by applying Bob’s public key KB to KB(m) then checks KB(KB(m) ) = m. If KB(KB(m) ) = m, whoever signed m must have used Bob’s private key. Alice thus verifies that: Bob signed m. No one else signed m. Bob signed m and not m’. Non-repudiation: Alice can take m, and signature KB(m) to court and prove that Bob signed m. 数字签名 - - - + + - + - 8: Network Security

  39. Computationally expensive to public-key-encrypt long messages Goal: fixed-length, easy- to-compute digital “fingerprint” apply hash function H to m, get fixed size message digest, H(m). Hash function properties: many-to-1 produces fixed-size msg digest (fingerprint) given message digest x, computationally infeasible to find m such that x = H(m) 消息摘要 large message m H: Hash Function H(m) 8: Network Security

  40. Internet checksum: poor crypto hash function Internet checksum has some properties of hash function: • produces fixed length digest (16-bit sum) of message • is many-to-one But given message with given hash value, it is easy to find another message with same hash value: ASCII format message ASCII format message I O U 9 0 0 . 1 9 B O B 49 4F 55 39 30 30 2E 31 39 42 4F 42 I O U 1 0 0 . 9 9 B O B 49 4F 55 31 30 30 2E 39 39 42 4F 42 B2 C1 D2 AC B2 C1 D2 AC different messages but identical checksums! 8: Network Security

  41. Digital signature = signed message digest H: Hash function H: Hash function large message m large message m + - digital signature (decrypt) digital signature (encrypt) K K B B encrypted msg digest encrypted msg digest + - - KB(H(m)) KB(H(m)) H(m) H(m) Bob sends digitally signed message: Alice verifies signature and integrity of digitally signed message: H(m) Bob’s private key Bob’s public key equal ? 8: Network Security

  42. MD5 hash function widely used (RFC 1321) computes 128-bit message digest in 4-step process. arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x. SHA-1 is also used. US standard [NIST, FIPS PUB 180-1] 160-bit message digest Hash Function Algorithms 8: Network Security

  43. Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers 8: Network Security

  44. Symmetric key problem: How do two entities establish shared secret key over network? Solution: trusted key distribution center (KDC) acting as intermediary between entities Public key problem: When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s? Solution: trusted certification authority (CA) Trusted Intermediaries 8: Network Security

  45. KB-KDC KX-KDC KY-KDC KZ-KDC KP-KDC KB-KDC KA-KDC KA-KDC KP-KDC Key Distribution Center (KDC) • Alice, Bob need shared symmetric key. • KDC: server shares different secret key with each registered user (many users) • Alice, Bob know own symmetric keys, KA-KDC KB-KDC , for communicating with KDC. KDC 8: Network Security

  46. Key Distribution Center (KDC) Q: How does KDC allow Bob, Alice to determine shared symmetric secret key to communicate with each other? KDC generates R1 KA-KDC(A,B) KA-KDC(R1, KB-KDC(A,R1) ) Alice knows R1 Bob knows to use R1 to communicate with Alice KB-KDC(A,R1) Alice and Bob communicate: using R1 as session key for shared symmetric encryption 8: Network Security

  47. + + digital signature (encrypt) K K B B K CA Certification Authorities • Certification authority (CA): binds public key to particular entity, E. • E (person, router) registers its public key with CA. • E provides “proof of identity” to CA. • CA creates certificate binding E to its public key. • certificate containing E’s public key digitally signed by CA – CA says “this is E’s public key” Bob’s public key CA private key certificate for Bob’s public key, signed by CA - Bob’s identifying information 8: Network Security

  48. + + digital signature (decrypt) K K B B K CA Certification Authorities • When Alice wants Bob’s public key: • gets Bob’s certificate (Bob or elsewhere). • apply CA’s public key to Bob’s certificate, get Bob’s public key Bob’s public key CA public key + 8: Network Security

  49. A certificate contains: • Serial number (unique to issuer) • info about certificate owner, including algorithm and key value itself (not shown) • info about certificate issuer • valid dates • digital signature by issuer 8: Network Security

  50. Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Authentication 8.4 Integrity 8.5 Key Distribution and certification 8.6 Access control: firewalls 8.7 Attacks and counter measures 8.8 Security in many layers 8: Network Security

More Related