## Chapter 7 Network Security


**Computer networking - A top-down approach featuring the internet**

4th Edition, 2008, Addison Wesley. James F. Kurose, Keith W. Ross. ISBN 0-321-49770-8.

Communication Networks, P. Demeester. Chapter 7: Network Security.

**Chapter 7: Network Security**

Chapter goals:

- understand principles of network security:
  - cryptography and its many uses beyond “confidentiality”
  - authentication
  - message integrity
  - key distribution
- security in practice:
  - firewalls
  - security in application, transport, network, link layers

**Chapter 7 outline**

- 7.1 What is network security?
- 7.2 Principles of cryptography
- 7.3 Authentication
- 7.4 Integrity
- 7.5 Key Distribution and certification
- 7.6 Access control: firewalls
- 7.7 Attacks and counter measures
- 7.8 Security in many layers

**What is network security?**

- Confidentiality: only sender, intended receiver should “understand” message contents
  - sender encrypts message
  - receiver decrypts message
- Authentication: sender, receiver want to confirm identity of each other
- Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection, also check sender
- Access and Availability: services must be accessible and available to (legitimate) users (<> DoS)

**Friends and enemies: Alice, Bob, Trudy**

- well-known in network security world
- Bob, Alice want to communicate “securely” (requiring data and control messages)
- Trudy (intruder) may intercept, delete, add messages

[Figure labels: Alice (secure sender), Bob (secure receiver), channel carrying data and control messages, Trudy.]

**Who might Bob, Alice be?**

- real-life Bobs and Alices!
- Web browser/server for electronic transactions (e.g., on-line purchases)
- on-line banking client/server
- DNS servers
- routers exchanging routing table updates
- …

**What may happen?**

- eavesdrop: intercept messages (passive)
- actively insert messages into connection
- impersonation: can fake (spoof) source address in packet (or any field in packet)
- hijacking: “take over” ongoing connection by removing sender or receiver, inserting himself in place
- denial of service: prevent service from being used by others (e.g., by overloading resources)

See also www.cert.org

**CASE 1: Home network with single PC**

[Figure labels: FTP server, public gateway router, public Internet, Ethernet, twisted pair, ADSL multiplexer, ADSL modem, mail server, Trudy.]

**CASE 2: Company network: multiple PCs/servers**

[Figure labels: FTP server, public gateway router, public Internet, Ethernet 10/100 Mbit/s or 1 Gbit/s, Ethernet switch or hub, fiber, web server, Trudy (twice).]

**Ref. Scenario 1: protection of information in transit**

[Figure labels: e-mail server, wireless IEEE 802.11, PC, switch, router, laptop, each with its protocol stack (Appl, Transp, Netw, Data, Phy); Trudy at several points along the path; protection mechanisms shown: PGP, SSL, IPSec, WEP (wireless).]

**Ref. Scenario 2: protection of information on computers**

[Figure labels: Internet Explorer, Netscape, FTP server, PW, HTTP (port 80), FTP (ports 20, 21), UDP, TCP, IP 157.193.144.12.]

How to enter the computer?

- Password
- Port number
- Protocol number
- IP address
**The language of cryptography**

[Figure: Alice’s plaintext (or cleartext) enters the encryption algorithm with Alice’s encryption key $K_A$; the ciphertext crosses the channel, where Trudy sits; Bob’s decryption algorithm with Bob’s decryption key $K_B$ recovers the plaintext.]

- symmetric key cryptography: sender, receiver keys identical and secret
- public-key cryptography: encryption key public, decryption key secret (private) [or vice versa]

**Chapter 7 outline**

- 7.1 What is network security?
- 7.2 Principles of cryptography
  - 7.2.1 Symmetric Key Encryption
  - 7.2.2 Public Key Encryption
- 7.3 Authentication
- 7.4 Integrity
- 7.5 Key Distribution and certification
- 7.6 Access control: firewalls
- 7.7 Attacks and counter measures
- 7.8 Security in many layers

**Symmetric key cryptography**

substitution cipher: substituting one thing for another

- monoalphabetic cipher: substitute one letter for another
  - plaintext: `abcdefghijklmnopqrstuvwxyz`
  - ciphertext: `mnbvcxzasdfghjklpoiuytrewq`

E.g.:

- plaintext: `bob. i love you. alice`
- ciphertext: `nkn. s gktc wky. mgsbc`

**Symmetric key cryptography**

symmetric key cryptography: Bob and Alice share same (symmetric) key: $K_{A-B}$

- e.g., key is knowing substitution pattern in monoalphabetic substitution cipher

[Figure: Alice’s encryption algorithm turns plaintext message $m$ into ciphertext $K_{A-B}(m)$; Bob’s decryption algorithm recovers the plaintext, $m = K_{A-B}(K_{A-B}(m))$.]

**How to break the cipher?**

- Ciphertext-only attack
  - brute force is difficult (26! or $10^{26}$ combinations)
  - statistical analysis: use fact that “e” and “t” are used 13% resp.
    9% in English text, use particular combinations: “in”, “ion”, “ing”, …; much easier to break
- Known-plaintext attack
  - If we know that Alice and Bob are communicating we may know cipher for a, l, i, c, e, b, o
- Chosen-plaintext
  - the intruder is able to choose the plaintext (e.g. “The quick brown fox jumps over the lazy dog” allows breaking the complete cipher)

What do we gain?

**Symmetric key crypto: DES**

DES: Data Encryption Standard

- US encryption standard [NIST 1993] [www.nist.org]
- 56-bit symmetric key, 64-bit plaintext input (block cipher)
- How secure is DES?
  - DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months (1997)
- making DES more secure:
  - use three keys sequentially (3-DES)
  - use cipher-block chaining (XOR encrypted 64-bit block j with block j+1 before it is encrypted)

**Symmetric key crypto: DES**

DES operation:

- initial permutation
- 16 identical “rounds”, each using different 48 bits of key (based on permutations and substitutions)
- final permutation
- reverse: from bottom to top

**AES: Advanced Encryption Standard**

- new (Nov. 2001) symmetric-key NIST standard, replacing DES
- processes data in 128-bit blocks
- 128, 192, or 256 bit keys
- brute force decryption (try each key) taking 1 sec on DES, takes 149 trillion years for AES
- Rijndael: Rijmen and Daemen (Belgian researchers, KULeuven)

**Overview**

[Figure: overview, from A.S. Tanenbaum, Computer Networks, 2003.]
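The known-plaintext and chosen-plaintext attacks from the “How to break the cipher?” slide, run against the slide’s own substitution alphabet; this is an added example, not part of the original slides. The function names and the crib positions (message starts with “bob”, ends with “alice”) are assumptions made for the illustration.

```python
import math
import string

PLAIN = string.ascii_lowercase
CIPHER = "mnbvcxzasdfghjklpoiuytrewq"   # substitution alphabet from the slide
KEY = dict(zip(PLAIN, CIPHER))
PANGRAM = "The quick brown fox jumps over the lazy dog"

def encrypt(text, key=KEY):
    """Substitute each letter; spaces and punctuation pass through unchanged."""
    return "".join(key.get(ch, ch) for ch in text.lower())

def recover_key(plaintext, ciphertext):
    """Learn plaintext->ciphertext letter pairs from an aligned pair of texts."""
    learned = {}
    for p, c in zip(plaintext.lower(), ciphertext):
        if p in PLAIN and learned.setdefault(p, c) != c:
            raise ValueError("texts are not related by one substitution alphabet")
    return learned

def decrypt_partial(ciphertext, learned):
    """Decrypt with the pairs learned so far; unknown letters become '?'."""
    inverse = {c: p for p, c in learned.items()}
    return "".join(inverse.get(ch, "?") if ch in PLAIN else ch for ch in ciphertext)

def known_plaintext_attack(ciphertext):
    """Assumed crib: the message starts with 'bob' and ends with 'alice'."""
    learned = recover_key("bob", ciphertext[:3])
    learned.update(recover_key("alice", ciphertext[-5:]))
    return learned

def chosen_plaintext_attack(encryption_oracle):
    """One pangram submitted for encryption reveals all 26 letter pairs."""
    return recover_key(PANGRAM, encryption_oracle(PANGRAM))

if __name__ == "__main__":
    ct = encrypt("bob. i love you. alice")
    known = known_plaintext_attack(ct)
    print(ct)
    print(sorted(known), decrypt_partial(ct, known))
    print("full key recovered:", chosen_plaintext_attack(encrypt) == KEY)
    print(f"brute-force key space 26! = {math.factorial(26):.2e}")
```

The two names alone already expose seven letters of the key, and a single chosen pangram exposes all 26, which is why the size of the key space says little about the strength of this cipher.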
**Public Key Cryptography**

symmetric key crypto

- requires sender, receiver know shared secret key
- Q: how to agree on key in first place (particularly if never “met”)?

public key cryptography

- radically different approach [Diffie-Hellman76, RSA78]
- sender, receiver do not share secret key
- public encryption key known to all
- private decryption key known only to receiver

**Public key cryptography**

[Figure: Alice encrypts plaintext message $m$ with Bob’s public key $K_B^+$; the ciphertext $K_B^+(m)$ goes to Bob, whose decryption algorithm uses Bob’s private key $K_B^-$ to recover $m = K_B^-(K_B^+(m))$.]

**Public key encryption algorithms**

Requirements:

1. need $K_B^+(\cdot)$ and $K_B^-(\cdot)$ such that $K_B^-(K_B^+(m)) = m$
2. given public key $K_B^+$, it should be impossible to compute private key $K_B^-$

RSA: Rivest, Shamir, Adleman algorithm

**RSA: Choosing keys**

1. Choose two large prime numbers p, q (e.g., 1024 bits each). Example: p=5, q=7.
2. Compute n = pq, z = (p-1)(q-1). Example: n=35, z=24.
3. Choose e (with e<n) that has no common factors with z (e, z are “relatively prime”). Example: e=5.
4. Choose d such that ed-1 is exactly divisible by z (in other words: ed mod z = 1). Example: d=29 (ed-1 = 144 = 24·6).
5. Public key $K_B^+$ is (n,e). Private key $K_B^-$ is (n,d). Example: (35,5) and (35,29).

e: encryption, d: decryption

**RSA: Encryption, decryption**

0. Given (n,e) and (n,d) as computed above: (35,5) and (35,29).
1. To encrypt bit pattern m (=12), compute $c = m^e \bmod n$ (i.e., remainder when $m^e$ is divided by n).
2. To decrypt received bit pattern c, compute $m = c^d \bmod n$ (i.e., remainder when $c^d$ is divided by n).

Magic happens!

$$m = (\underbrace{m^e \bmod n}_{c})^d \bmod n$$
$$c = 12^5 \bmod 35 = 17, \qquad m = 17^{29} \bmod 35 = 12$$

**RSA example summary:**

Bob chooses p=5, q=7; then n=35, z=24.

- e=5 (so e, z relatively prime)
- d=29 (so ed-1 exactly divisible by z)

encrypt:

| letter | m | $m^e$ | $c = m^e \bmod n$ |
|---|---|---|---|
| l | 12 | 1524832 | 17 |

decrypt:

| c | $c^d$ | $m = c^d \bmod n$ | letter |
|---|---|---|---|
| 17 | 481968572106750915091411825223071697 | 12 | l |

**RSA: Why is that**

Useful number theory result: if p, q prime and n = pq, then:

$$x^y \bmod n = x^{\,y \bmod (p-1)(q-1)} \bmod n$$

Modular arithmetic: $\{(a \bmod n)\cdot(b \bmod n)\} \bmod n = (ab) \bmod n$ and $(a \bmod n) \bmod n = a \bmod n$.

$$(m^e \bmod n)^d \bmod n = m^{ed} \bmod n = m^{\,ed \bmod (p-1)(q-1)} \bmod n = m^1 \bmod n = m$$

(since ed is divisible by (p-1)(q-1) with remainder 1)

**RSA: another important property**

The following property will be very useful later:

$$K_B^-(K_B^+(m)) = m = K_B^+(K_B^-(m))$$

- left-hand side: use public key first, followed by private key
- right-hand side: use private key first, followed by public key

Result is the same!
**Authentication**

Goal: Bob wants Alice to “prove” her identity to him

Protocol ap1.0: Alice says “I am Alice”

In a network, Bob can not “see” Alice, so Trudy simply declares herself to be Alice.

[Figure labels: Alice, Bob, Trudy; message “I am Alice” shown twice.]

**Authentication: another try**

Protocol ap2.0: Alice says “I am Alice” in an IP packet containing her source IP address

Trudy can create a packet “spoofing” Alice’s address.

Trudy’s first-hop router can be configured to forward only IP packets with a correct subnetwork address [RFC 2827]; this is not universally deployed or enforced, and maybe Trudy configures her router.

[Figure labels: Alice, Bob, Trudy; packet carrying Alice’s IP address and “I am Alice” shown twice.]

**Authentication: another try**

Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.

playback attack: Trudy records Alice’s packet and later plays it back to Bob

[Figure labels: Alice, Bob, Trudy; packet carrying Alice’s IP addr, Alice’s password and “I’m Alice”; reply carrying Alice’s IP addr and OK; both shown twice.]

**Authentication: another try**

Protocol ap3.0: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.

playback attack: still works

[Figure labels: Alice, Bob, Trudy; packet carrying Alice’s IP addr, encrypted password and “I’m Alice”; reply carrying Alice’s IP addr and OK; both shown twice.]

**Authentication: yet another try**

Goal: avoid playback attack

Nonce: number (R) used only once-in-a-lifetime

ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key

[Figure: Alice sends “I am Alice”; Bob replies with R; Alice returns $K_{A-B}(R)$.]

Alice is live, and only Alice knows key to encrypt nonce, so it must be Alice!
**Authentication: ap5.0**

ap4.0 requires shared symmetric key

- can we authenticate using public key techniques?

ap5.0: use nonce, public key cryptography

[Figure: Alice sends “I am Alice”; Bob replies with R; Alice returns $K_A^-(R)$; Bob asks “send me your public key”; Alice sends $K_A^+$.]

Bob computes $K_A^+(K_A^-(R)) = R$ and knows only Alice could have the private key that encrypted R such that $K_A^+(K_A^-(R)) = R$.

**Authentication: ap5.0: security hole**

Trudy replaces Alice

[Figure: Trudy sends “I am Alice”; Bob replies with R; Trudy returns $K_T^-(R)$; Bob asks “send me your public key”; Trudy sends $K_T^+$.]

Bob computes $K_T^+(K_T^-(R)) = R$ and believes only Alice could have the private key that encrypted R such that $K_T^+(K_T^-(R)) = R$.

**ap5.0: security hole**

“man-in-the-middle attack”: Trudy poses as Alice (to Bob) and as Bob (to Alice)

[Figure: Trudy sits between Alice and Bob. Messages shown: “I am Alice” (twice), R (twice), $K_A^-(R)$ and $K_T^-(R)$, “Send me your public key” (twice), $K_A^+$ and $K_T^+$. Bob sends $K_T^+(m)$; Trudy gets $m = K_T^-(K_T^+(m))$ and sends m to Alice encrypted with Alice’s public key, $K_A^+(m)$; Alice computes $m = K_A^-(K_A^+(m))$.]

How is this possible?

Use of Certification Authority (CA)!

**Digital Signatures**

Cryptographic technique analogous to hand-written signatures.

- sender (Bob) digitally signs document, establishing he is document owner/creator.
- verifiable, nonforgeable: recipient (Alice) can prove to someone that Bob, and no one else (including Alice), must have signed document

**Digital Signatures**

Simple digital signature for message m:

- Bob signs m by encrypting with his private key $K_B^-$, creating “signed” message, $K_B^-(m)$

[Figure: Bob’s message m enters the public key encryption algorithm together with Bob’s private key $K_B^-$, producing $K_B^-(m)$.]

Bob’s message, m: “Dear Alice I will provide you 2 M$ within the coming month.
Best regards, Bob”

[Figure: the output of the public key encryption algorithm, $K_B^-(m)$, is shown on the slide as a string of unreadable characters.]

**Digital Signatures**

Suppose Alice receives msg m, digital signature $K_B^-(m)$

- Alice verifies m signed by Bob by applying Bob’s public key $K_B^+$ to $K_B^-(m)$, then checks $K_B^+(K_B^-(m)) = m$.
- If $K_B^+(K_B^-(m)) = m$, whoever signed m must have used Bob’s private key.

Alice thus verifies that:

- Bob signed m.
- No one else signed m.
- Bob signed m and not m’.

Non-repudiation:

- Alice can take m, and signature $K_B^-(m)$ to court and prove that Bob signed m.

**Message Digests**

Computationally expensive to public-key-encrypt long messages

Goal: fixed-length, easy-to-compute digital “fingerprint”

- apply hash function H to m, get fixed size message digest, H(m).

Hash function properties:

- many-to-1
- produces fixed-size msg digest (fingerprint)
- given message digest x, computationally infeasible to find m such that x = H(m)

[Figure: large message m enters H: Hash Function, producing H(m).]

**Internet checksum: poor crypto hash function**

Internet checksum has some properties of hash function:

- produces fixed length digest (16-bit sum) of message
- is many-to-one

But given message with given hash value, it is easy to find another message with same hash value:

| message | ASCII format |
|---|---|
| I O U 9 | 49 4F 55 39 |
| 0 0 . 1 | 30 30 2E 31 |
| 9 B O B | 39 42 4F 42 |
| checksum | B2 C1 D2 AC |

| message | ASCII format |
|---|---|
| I O U 1 | 49 4F 55 31 |
| 0 0 . 9 | 30 30 2E 39 |
| 9 B O B | 39 42 4F 42 |
| checksum | B2 C1 D2 AC |

different messages but identical checksums!

**Digital signature = signed message digest**

[Figure, sender side: large message m enters H: Hash function, giving H(m); digital signature (encrypt) with Bob’s private key $K_B^-$ gives the encrypted msg digest $K_B^-(H(m))$, which is sent along with m. Receiver side: large message m enters H: Hash function, giving H(m); digital signature (decrypt) of the encrypted msg digest $K_B^-(H(m))$ with Bob’s public key $K_B^+$ gives H(m); the two values of H(m) are compared: equal?]
- Bob sends digitally signed message.
- Alice verifies signature and integrity of digitally signed message.

**Hash Function Algorithms**

- MD5 hash function widely used (RFC 1321, Ron Rivest)
  - computes 128-bit message digest in 4-step process.
  - arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.
- SHA-1 is also used.
  - US standard [NIST, FIPS PUB 180-1]
  - 160-bit message digest (more secure compared to MD5)

**Trusted Intermediaries**

Symmetric key problem:

- How do two entities establish shared secret key over network?

Solution:

- trusted key distribution center (KDC) acting as intermediary between entities

Public key problem:

- When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?

Solution:

- trusted certification authority (CA)

**Key Distribution Center (KDC)**

- Alice, Bob need shared symmetric key.
- KDC: server shares different secret key with each registered user (many users)
- Alice, Bob know own symmetric keys, $K_{A-KDC}$ and $K_{B-KDC}$, for communicating with KDC.

[Figure labels: the KDC holds $K_{A-KDC}$, $K_{B-KDC}$, $K_{P-KDC}$, $K_{X-KDC}$, $K_{Y-KDC}$, $K_{Z-KDC}$; Alice holds $K_{A-KDC}$, Bob holds $K_{B-KDC}$, Peter holds $K_{P-KDC}$.]
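The collision from the “Internet checksum: poor crypto hash function” slide reproduced in code, as an added example that is not part of the original slides. It computes the slide’s 4-byte column sum, the 16-bit RFC 1071 Internet checksum and a cryptographic digest over the two IOU messages; SHA-256 and the function names are assumptions of this example, chosen because the MD5 and SHA-1 functions named on the slides are no longer considered collision resistant.

```python
import hashlib

MSG_A = b"IOU100.99BOB"   # the two messages from the slide
MSG_B = b"IOU900.19BOB"

def _words(message, size):
    """Split into big-endian words of `size` bytes, zero-padding the last one."""
    message += b"\x00" * (-len(message) % size)
    return [int.from_bytes(message[i:i + size], "big")
            for i in range(0, len(message), size)]

def slide_checksum(message):
    """Column sum over 4-byte rows, modulo 2^32, as tabulated on the slide."""
    return format(sum(_words(message, 4)) % 2**32, "08X")

def internet_checksum(message):
    """RFC 1071: one's-complement of the folded sum of 16-bit words."""
    total = sum(_words(message, 2))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return format(~total & 0xFFFF, "04X")

def sha256_digest(message):
    """Cryptographic message digest H(m)."""
    return hashlib.sha256(message).hexdigest()

def detects_change(digest, original, altered):
    """True if the digest function tells the two messages apart."""
    return digest(original) != digest(altered)

if __name__ == "__main__":
    for name, fn in [("slide sum", slide_checksum),
                     ("RFC 1071", internet_checksum),
                     ("SHA-256", sha256_digest)]:
        print(f"{name:10} detects change: {detects_change(fn, MSG_A, MSG_B)}")
        print(f"{'':10} A={fn(MSG_A)[:16]} B={fn(MSG_B)[:16]}")
```

Moving 8 from one byte to another byte in the same column leaves every additive checksum unchanged, so a signature computed over such a checksum would validate both IOUs.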