Title: Network Security
1. Network Security
- Slides taken from Computer Networking by Kurose and Ross
2. Cryptography
- Greek word meaning "secret writing"
- Historically the study has been utilized by (1) the military, (2) diplomatic corps, (3) diarists, and (4) lovers
- Ciphers: character-for-character transformation
- Code: replaces one word with another
- Vocabulary
  - plaintext
  - key
  - ciphertext
3. Network Security
- Friends and enemies: Alice, Bob, Trudy
4. Internet security threats
- Packet sniffing
  - can read all unencrypted data (e.g. passwords)
  - e.g. C sniffs B's packets
5. Internet security threats
- IP Spoofing
  - can generate "raw" IP packets directly from application, putting any value into IP source address field
  - receiver can't tell if source is spoofed
  - e.g. C pretends to be B
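The slide notes that the receiving host cannot tell whether a source address is spoofed. The one place that can tell is the network edge: a router knows which address block sits behind each of its interfaces, so a packet arriving from the inside with an outside source (or from the outside with an inside source) is impossible and can be dropped or logged. The following check is an added defensive example, not part of the original slides; the address block, interface names and packet headers are constructed sample data.

```python
import ipaddress

# Constructed sample: the block assigned to the network behind the router's
# "inside" interface, and a few packet headers as (interface, source, destination).
INTERNAL_NET = ipaddress.ip_network("198.51.100.0/24")

SAMPLE_PACKETS = [
    ("inside", "198.51.100.7", "203.0.113.10"),   # legitimate outbound packet
    ("inside", "203.0.113.99", "203.0.113.10"),   # inside host claiming an outside source
    ("outside", "203.0.113.10", "198.51.100.7"),  # legitimate inbound packet
    ("outside", "198.51.100.7", "198.51.100.9"),  # outside packet claiming an inside source
]


def ingress_filter(packets, internal_net):
    """Return the packets whose source address is impossible for the interface
    they arrived on, each tagged with the reason it was flagged."""
    flagged = []
    for iface, src, dst in packets:
        src_is_internal = ipaddress.ip_address(src) in internal_net
        if iface == "inside" and not src_is_internal:
            flagged.append((iface, src, dst, "source not in internal net"))
        elif iface == "outside" and src_is_internal:
            flagged.append((iface, src, dst, "external packet claims internal source"))
    return flagged


if __name__ == "__main__":
    for entry in ingress_filter(SAMPLE_PACKETS, INTERNAL_NET):
        print("spoofed source:", entry)
```

The check only catches addresses that are impossible for a given interface; a spoofed address from within the same block still passes, which is why the later slides move the problem to cryptography rather than to address checks.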
6. Encryption Algorithms
- symmetric key crypto: sender, receiver keys identical
- public-key crypto: encrypt key public, decrypt key secret
7. Symmetric key cryptography
8. Symmetric key crypto: DES
- DES: Data Encryption Standard
  - Former US encryption standard [NIST 1993]
  - 56-bit symmetric key, 64-bit plaintext input
  - 19 distinct stages
- How secure is DES?
  - DES Challenge: 56-bit-key-encrypted phrase ("Strong cryptography makes the world a safer place") decrypted (brute force) in 4 months
- Making DES more secure
  - use three keys sequentially (3-DES) on each datum
9. Public Key Cryptography
- symmetric key crypto
  - requires sender, receiver know shared secret key
  - Q: how to agree on key in first place (particularly if never met)?
- public key cryptography
  - radically different approach [Diffie-Hellman 76, RSA 78]
  - sender, receiver do not share secret key
  - encryption key public (known to all)
  - decryption key private (known only to receiver)
10. Public key cryptography
- eR: Receiver's public encryption key
- dR: Receiver's private encryption key
11. Public key signature
- eS: Sender's private encryption key
- dS: Sender's public encryption key
12. RSA: Choosing keys
- Key Generation Algorithm
  - Generate two large random primes, p and q, of approximately equal size such that their product n = pq is of the required bit length, e.g. 1024 bits.
  - Compute n = pq and phi = (p-1)(q-1).
  - Choose an integer e, 1 < e < phi, such that gcd(e, phi) = 1.
  - Compute the secret exponent d, 1 < d < phi, such that ed ≡ 1 (mod phi).
  - The public key is (n, e) and the private key is (n, d). The values of p, q, and phi should also be kept secret.
- n is known as the modulus.
- e is known as the public exponent or encryption exponent.
- d is known as the secret exponent or decryption exponent.
13. Using the Keys
- Encryption
  - Sender A does the following:
    - Obtains the recipient B's public key (n, e).
    - Represents the plaintext message as a positive integer m.
    - Computes the ciphertext c = m^e mod n.
    - Sends the ciphertext c to B.
- Decryption
  - Recipient B does the following:
    - Uses his private key (n, d) to compute m = c^d mod n.
    - Extracts the plaintext from the integer representative m.
14. Trusted Public Keys: Digital Certificates
- In a public key environment, it is vital that you are assured that the public key to which you are encrypting data is the public key of the intended recipient.
- Digital certificates are used to thwart attempts to substitute one person's key for another.
- A digital certificate consists of three things:
  - A public key.
  - Certificate information. ("Identity" information about the user, such as name, user ID, and so on.)
  - One or more digital signatures.
15. Putting It All Together
- Systems can combine the best features of both symmetric and public key cryptography: hybrid cryptosystems.
- These systems create a session key, which is a one-time-only secret key. This key is a random number generated from the random movements of your mouse and the keystrokes you type. This session key works with a very secure, fast conventional encryption algorithm to encrypt the plaintext; the result is ciphertext.
- Once the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is transmitted along with the ciphertext to the recipient.
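Slides 12, 13 and 15 describe one procedure: generate an RSA key pair, encrypt and decrypt integers with it, and then, in a hybrid system, use the public key only to wrap a one-time session key while a fast symmetric cipher carries the data. The following Python program is an added worked example of that procedure, not code from the slides or from Kurose and Ross. It uses two fixed, constructed primes (the Mersenne primes 2^31-1 and 2^61-1) so the numbers stay readable; the slides' 1024-bit random primes are what a real system would use. Its "fast conventional encryption algorithm" is a toy SHA-256 keystream XOR standing in for DES/3-DES or AES, and the signature functions illustrate slide 11 (private exponent to sign, public exponent to check).

```python
import hashlib
import secrets
from math import gcd

# Constructed example primes (the Mersenne primes 2^31-1 and 2^61-1) so the
# arithmetic is visible; real RSA uses random primes of 1024 bits or more, as
# slide 12 says. The ~92-bit modulus below is for illustration only.
P = 2**31 - 1
Q = 2**61 - 1


def rsa_keygen(p, q, e=65537):
    """Slide 12: n = pq, phi = (p-1)(q-1), e coprime to phi, d = e^-1 mod phi."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) = 1")
    d = pow(e, -1, phi)  # modular inverse, so e*d = 1 (mod phi)
    return (n, e), (n, d)  # public key, private key


def rsa_encrypt(m, public_key):
    """Slide 13: c = m^e mod n for a plaintext already encoded as an integer m < n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message integer must be smaller than the modulus n")
    return pow(m, e, n)


def rsa_decrypt(c, private_key):
    """Slide 13: m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def _digest_int(data, n):
    # Hash the message and truncate the digest so it always fits below the modulus.
    nbytes = (n.bit_length() - 1) // 8
    return int.from_bytes(hashlib.sha256(data).digest()[:nbytes], "big")


def rsa_sign(message, private_key):
    """Slide 11: the sender applies the private exponent to a hash of the message."""
    n, d = private_key
    return pow(_digest_int(message, n), d, n)


def rsa_verify(message, signature, public_key):
    """Anyone holding the public key recovers the hash and compares it."""
    n, e = public_key
    return pow(signature, e, n) == _digest_int(message, n)


def stream_xor(key, data):
    """Toy stand-in for slide 15's fast conventional cipher: XOR the data with a
    SHA-256 keystream derived from the session key and a block counter. The same
    call encrypts and decrypts. A real system would use 3-DES or AES here."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def hybrid_encrypt(plaintext, recipient_public_key, session_key=None):
    """Slide 15: a fresh one-time session key encrypts the data, then the session
    key itself is encrypted to the recipient's public key and sent alongside."""
    if session_key is None:
        session_key = secrets.token_bytes(8)  # 64-bit key; as an integer it is < n
    ciphertext = stream_xor(session_key, plaintext)
    wrapped_key = rsa_encrypt(int.from_bytes(session_key, "big"), recipient_public_key)
    return wrapped_key, ciphertext


def hybrid_decrypt(wrapped_key, ciphertext, recipient_private_key):
    """The recipient unwraps the session key with the private key, then decrypts the data."""
    session_key = rsa_decrypt(wrapped_key, recipient_private_key).to_bytes(8, "big")
    return stream_xor(session_key, ciphertext)


if __name__ == "__main__":
    public, private = rsa_keygen(P, Q)
    msg = b"Strong cryptography makes the world a safer place"
    wrapped, ct = hybrid_encrypt(msg, public)
    print("recovered plaintext:", hybrid_decrypt(wrapped, ct, private) == msg)
    sig = rsa_sign(msg, private)
    print("signature valid:", rsa_verify(msg, sig, public))
    print("tampered message verifies:", rsa_verify(msg + b"!", sig, public))
```

Two points the code makes visible that the slides only state: the public-key operation touches just the 8-byte session key, never the message, which is why the hybrid design is fast; and `rsa_encrypt` refuses any integer that is not below n, since RSA is only defined on residues mod n (this is also why the signature hashes and truncates before exponentiating). The toy cipher and small modulus exist to show the arithmetic, not to protect anything.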
16. Applications
- Secure Shell (SSH): part of the Linux distribution
  - Seems to include secure FTP
- PuTTY for Windows machines
  - Includes secure FTP
- PGP for secure email
  - Internet e-mail encryption scheme, a de-facto standard.
  - Uses symmetric key cryptography and public key cryptography
  - Inventor, Phil Zimmermann, was target of 3-year federal investigation.
17. In-class assignment
- Use telnet to connect to your CSCI account using SSH.
- Start SSH
  - Start -> All Programs -> SSH Secure Shell -> Secure Shell Client
18. In-class assignment
- Login to your csci account by selecting the Quick Connect option on the tool bar
- Enter the machine name
  - busbee.cs.unca.edu
- Enter your user name
  - the first 6 letters of your last name followed by your first initial and middle initial
- Answer YES in the next window and then enter your password
  - csci followed by last 4 digits of student id
19. In-class assignment
- Go to your public_html directory
  - Use the cd (i.e., change directory) command
20. In-class assignment
- Edit your web page per the recommendations of your peer review using the pico editor.
21. In-class assignment
- Your mouse will be useless during your telnet session.
- Useful Pico commands appear at the bottom of the screen
  - ^ represents the control key
  - ^X means hold the control key down and depress the X key at the same time