Lecture 11 Network Security (1)

1
Lecture 11Network Security (1)
2
Outline

• Network Security Concepts
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Security in many layers

3
Network Security

• Confidentiality (Secrecy) only sender, intended
  receiver should understand message contents
• sender encrypts message
• receiver decrypts message
• Authentication sender, receiver want to confirm
  identity of each other
• Message Integrity sender, receiver want to
  ensure message is not altered (in transit, or
  afterwards) without detection
• Access and Availability services must be
  accessible and available to users

4
Friends and Enemies

• well-known in network security world
• A and B want to communicate securely
• C (intruder) may intercept (passive intruder),
  delete, add messages (active intruder)

5
Who Might A, B and C be?

• Possible A and B
• real-life human users
• Web browser/server for electronic transactions
  (e.g., on-line purchases)
• on-line banking client/server
• DNS servers
• routers exchanging routing table updates

• Possible C
• eavesdrop intercept messages
• actively insert messages into connection
• impersonation can fake (spoof) source address in
  packet (or any field in packet)
• hijacking take over ongoing connection by
  removing sender or receiver, inserting himself in
  place
• denial of service prevent service from being
  used by others (e.g., by overloading resources)

6
Outline

• Network Security Concepts
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Security in many layers

7
The Language of Cryptography
As encryption key
Bs decryption key
encryption algorithm
decryption algorithm
ciphertext
plaintext
plaintext
C

• symmetric key cryptography sender, receiver keys
  identical
• public-key cryptography encryption key public,
  decryption key secret (private)

8
Symmetric Key Cryptography

• substitution cipher substituting one thing for
  another
• Caesar cipher taking each letter in the
  plaintext message and substituting the letter
  that is k letters later (allowing wraparound),
  i.e. if k4, then the letter "a" in plaintext
  becomes "d" in cipher text "b" in plaintext
  becomes "e" in cipher text, and so on.
• monoalphabetic cipher substitute one letter for
  another

plaintext abcdefghijklmnopqrstuvwxyz
ciphertext mnbvcxzasdfghjklpoiuytrewq
E.g.
Plaintext hello there
ciphertext acggk uacoc
9
Symmetric Key Cryptography

• Vigenere ciphers uses multiple monoalphabetic
  ciphers, with a specific monoalphabetic cipher to
  encode a letter in a specific position in the
  plaintext message.
• Example two different Caesar ciphers C1( k6)
  and C2(k20), used in the repeating pattern C1,
  C2, C2. i.e. the first letter of plaintext is to
  encoded using C1, the second and third using C2.
  The pattern then repeats.

Plaintext hello there
ciphertext mxeqh mmxkj
10
Symmetric Key Cryptography

• Transposition Cipher

11
Symmetric Key Cryptography DES

• DES Data Encryption Standard US encryption
  standard NIST 1993
• DES operation
• 56-bit symmetric key, 64-bit plaintext input
• initial permutation 16 identical rounds of
  function application, each using different 48
  bits of key final permutation
• How secure is DES?
• DES Challenge 56-bit-key-encrypted phrase
  (Strong cryptography makes the world a safer
  place) decrypted (brute force) in 4 months
• no known backdoor decryption approach
• making DES more secure
• use three keys sequentially (3-DES) on each datum

12
Public Key Cryptography

• symmetric key cryptography
• requires sender, receiver know shared secret key
• Q how to agree on key in first place
  (particularly if never met)

• public key cryptography
• radically different approach Diffie-Hellman76,
  RSA78
• sender, receiver do not share secret key
• public encryption key known to all
• private decryption key known only to receiver

13
Public Key Cryptography

Bs public key
K
B
-
Bs private key
K
B
encryption algorithm
decryption algorithm
plaintext message
plaintext message, m
ciphertext
14
Public Key Encryption Algorithms

• Requirements
• need KB(.) and K-B(.) such that
• given public key KB it should be impossible to
  compute private key K-B
• RSA Rivest, Shamir, Adelson algorithm

15
RSA Encryption Decryption

• Choosing Keys
• Choose two large prime numbers p, q. (e.g., 1024
  bits each)
• Compute n pq, z (p-1)(q-1)
• Choose e (with eltn) that has no common factors
  with z. (e, z are relatively prime).
• Choose d such that ed-1 is exactly divisible by
  z. (in other words ed mod z 1 ).
• Public key is (n,e). Private key is (n,d).

• Encryption/Decryption
• Given (n,e) and (n,d) as computed above
• To encrypt bit pattern, m, compute
• c me mod n (i.e., remainder when me is
  divided by n)
• To decrypt received bit pattern, c, compute
• m cd mod n (i.e., remainder when cd is
  divided by n)

16
RSA Example

• B chooses p5, q7. Then n35, z24.
• e5 (so e, z relatively prime).
• d29 (so ed-1 exactly divisible by z).

17
RSA Property

• Why is that

18
RSA Property
RSA also holds the following property
(md)e mod n m (me)d mod n
use private key first, followed by public key
use public key first, followed by private key
Result is the same!
19
Outline

• Network Security Concepts
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Security in many layers

20
Authentication

• Goal B wants A to prove its identity to him
• authentication must be done solely on the basis
  of messages and data exchanged as part of an
  authentication protocol.
• Protocol ap1.0 A says I am A

I am A
in a network, B can not see A, so C simply
declares itself to be A
B
A
I am A
C
21
Authentication

• Protocol ap2.0 A says I am A in an IP packet
  containing its source IP address

B
C can create a packet spoofing with As address
A
C
22
Authentication

• Protocol ap3.0 A says I am A and sends her
  secret password to prove it.

A
B
As password
As IP addr
Im A
B
A
playback attack C records As packet and
later plays it back to B
C
23
Authentication

• Protocol ap3.1 A says I am A and sends her
  encrypted secret password to prove it.

encrypted password
As IP addr
Im A
record and playback still works!
B
A
C
24
Authentication

• Goal avoid playback attack
• Nonce number (R) used only once in-a-lifetime
• ap4.0 to prove A is alive, B sends nonce, R
  to A. A must return R, encrypted with shared
  secret key

I am A
A
B
R
A is live, and only A knows key to encrypt nonce,
so it must be A!
25
Authentication

• ap4.0 requires shared symmetric key
• can we authenticate using public key techniques?
• ap5.0 use nonce, public key cryptography

I am A
A
B computes
B
R
and knows only A could have the private key, that
encrypted R such that
send me your public key
26
Authentication Security Hole

• Intruder in the middle attacks C poses as A (to
  B) and as B (to A)

I am A
I am A
C
B
A
R
R
Send me your public key
Send me your public key
C gets
sends m to A encrypted with As public key
27
Authentication Security Hole

• Intruder in the middle attacks C poses as A (to
  B) and as B (to A)
• Difficult to detect
• B receives everything that A sends, and vice
  versa. (e.g., so B, and A can meet one week later
  and recall conversation)
• problem is that C receives all messages as well!

28
Outline

• Network Security Concepts
• Principles of cryptography
• Authentication
• Integrity
• Key Distribution and certification
• Security in many layers

29
Digital Signatures

• Cryptographic technique analogous to hand-written
  signatures.
• sender (B) digitally signs document,
  establishing he is document owner/creator.
• verifiable, non-forgeable recipient (A) can
  prove to someone that B, and no one else
  (including A), must have signed document
• Simple digital signature for message m
• B signs m by encrypting with his private key K-B,
  creating signed message, K-B(m)

30
Digital Signatures

• Suppose A receives message m, digital signature
  K-B(m)
• A verifies m signed by B by applying Bs public
  key KB to K-B (m) then checks KB(K-B(m) ) m.
• If KB(K-B(m) ) m, whoever signed m must have
  used Bs private key.
• A thus verifies that
• B signed m.
• No one else signed m.
• B signed m and not m.
• Non-repudiation
• A can take m, and signature KB(m) to court and
  prove that B signed m.

31
Message Digests

• Computationally expensive to
• public-key-encrypt long
• messages
• Goal fixed-length, easy- to-compute digital
  fingerprint
• apply hash function H to m, get fixed size
  message digest, H(m).
• Hash function properties
• many-to-1
• produces fixed-size message digest (fingerprint)
• given message digest x, computationally
  infeasible to find m such that x H(m)

32
Digital Signature Signed Message Digest
A verifies signature and integrity of digitally
signed message
B sends digitally signed message
H(m)
Bs private key
Bs public key
equal ?
33
Internet Checksum Poor Hash Function

• Internet checksum has some properties of hash
  function
• produces fixed length digest (16-bit sum) of
  message
• is many-to-one
• But given message with given hash value, it is
  easy to find another message with same hash value

34
Hash Function Algorithms

• MD5 hash function widely used (RFC 1321)
• computes 128-bit message digest in 4-step
  process.
• arbitrary 128-bit string x, appears difficult to
  construct message m whose MD5 hash is equal to x.
• SHA-1 is also used.
• US standard NIST, FIPS PUB 180-1
• 160-bit message digest

35
Reading Material

• Chapter 7 text3 (Kurose)
• Chapter 8 text2 (Tanenbaum)