
What is network security? Friends and enemies: Alice, Bob, Trudy - PDF document

Network Security, Srinidhi Varadarajan. Foundations: what is security?, cryptography, authentication, message integrity, key distribution and certification; security in practice.


  1. Network Security
     Srinidhi Varadarajan

     Network security
     Foundations:
     • what is security?
     • cryptography
     • authentication
     • message integrity
     • key distribution and certification
     Security in practice:
     • application layer: secure e-mail
     • transport layer: Internet commerce, SSL, SET

     What is network security?
     Secrecy: only sender, intended receiver should “understand” msg contents
     – sender encrypts msg
     – receiver decrypts msg
     Authentication: sender, receiver want to confirm identity of each other
     Message Integrity: sender, receiver want to ensure message not altered (in transit, or afterwards) without detection

     Friends and enemies: Alice, Bob, Trudy
     Figure 7.1 goes here
     • well-known in network security world
     • Bob, Alice want to communicate “securely”
     • Trudy, the “intruder” may intercept, delete, add messages

     Internet security threats
     Packet sniffing:
     – broadcast media
     – promiscuous NIC reads all packets passing by
     – can read all unencrypted data (e.g. passwords)
     – e.g.: C sniffs B’s packets
     (diagram: hosts A, B, C; packet with src:B, dest:A, payload)

     Internet security threats
     IP Spoofing:
     – can generate “raw” IP packets directly from application, putting any value into IP source address field
     – receiver can’t tell if source is spoofed
     – e.g.: C pretends to be B
     (diagram: hosts A, B, C; packet with src:B, dest:A, payload)

     Application Layer 1

  2. Internet security threats
     Denial of service (DOS):
     – flood of maliciously generated packets “swamp” receiver
     – Distributed DOS (DDOS): multiple coordinated sources swamp receiver
     – e.g., C and remote host SYN-attack A
     (diagram: hosts A, B, C; SYN packets converging on A)

     The language of cryptography
     Figure 7.3 goes here
     (figure labels: K_A, K_B, plaintext, ciphertext)
     symmetric key crypto: sender, receiver keys identical
     public-key crypto: encrypt key public, decrypt key secret

     Symmetric key cryptography
     substitution cipher: substituting one thing for another
     – monoalphabetic cipher: substitute one letter for another
     plaintext:  abcdefghijklmnopqrstuvwxyz
     ciphertext: mnbvcxzasdfghjklpoiuytrewq
     E.g.: Plaintext:  bob. i love you. alice
           ciphertext: nkn. s gktc wky. mgsbc
     Q: How hard to break this simple cipher?:
     • brute force (how hard?)
     • other?

     Symmetric key crypto: DES
     DES: Data Encryption Standard
     • US encryption standard [NIST 1993]
     • 56-bit symmetric key, 64 bit plaintext input
     • How secure is DES?
       – DES Challenge: 56-bit-key-encrypted phrase (“Strong cryptography makes the world a safer place”) decrypted (brute force) in 4 months
       – no known “backdoor” decryption approach
     • making DES more secure
       – use three keys sequentially (3-DES) on each datum
       – use cipher-block chaining

     Symmetric key crypto: DES
     DES operation
     – initial permutation
     – 16 identical “rounds” of function application, each using different 48 bits of key
     – final permutation

     Public Key Cryptography
     symmetric key crypto
     • requires sender, receiver know shared secret key
     • Q: how to agree on key in first place (particularly if never “met”)?
     public key cryptography
     • radically different approach [Diffie-Hellman76, RSA78]
     • sender, receiver do not share secret key
     • encryption key public (known to all)
     • decryption key private (known only to receiver)

  3. Public key cryptography
     Figure 7.7 goes here

     Public key encryption algorithms
     Two inter-related requirements:
     1. need d_B( ) and e_B( ) such that d_B(e_B(m)) = m
     2. need public and private keys for d_B( ) and e_B( )
     RSA: Rivest, Shamir, Adleman algorithm

     Authentication
     Goal: Bob wants Alice to “prove” her identity to him
     Protocol ap1.0: Alice says “I am Alice”
     Failure scenario??

     Authentication: another try
     Protocol ap2.0: Alice says “I am Alice” and sends her IP address along to “prove” it.
     Failure scenario??

     Authentication: another try
     Protocol ap3.0: Alice says “I am Alice” and sends her secret password to “prove” it.
     Failure scenario?

     Authentication: yet another try
     Protocol ap3.1: Alice says “I am Alice” and sends her encrypted secret password to “prove” it.
     (diagram: Alice sends “I am Alice”, encrypt(password))
     Failure scenario?

  4. Authentication: yet another try
     Goal: avoid playback attack
     Nonce: number (R) used only once in a lifetime
     ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
     Figure 7.11 goes here
     Failures, drawbacks?

     Authentication: ap5.0
     ap4.0 requires shared symmetric key
     – problem: how do Bob, Alice agree on key
     – can we authenticate using public key techniques?
     ap5.0: use nonce, public key cryptography
     Figure 7.12 goes here

     ap5.0: security hole
     Man (woman) in the middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
     Figure 7.14 goes here
     Need “certified” public keys (more later …)

     Digital Signatures
     Cryptographic technique analogous to hand-written signatures.
     • Sender (Bob) digitally signs document, establishing he is document owner/creator.
     • Verifiable, nonforgeable: recipient (Alice) can verify that Bob, and no one else, signed document.
     Simple digital signature for message m:
     • Bob encrypts m with his private key d_B, creating signed message, d_B(m).
     • Bob sends m and d_B(m) to Alice.

     Digital Signatures (more)
     • Suppose Alice receives msg m, and digital signature d_B(m)
     • Alice verifies m signed by Bob by applying Bob’s public key e_B to d_B(m) then checks e_B(d_B(m)) = m.
     • If e_B(d_B(m)) = m, whoever signed m must have used Bob’s private key.
     Alice thus verifies that:
     – Bob signed m.
     – No one else signed m.
     – Bob signed m and not m’.
     Non-repudiation:
     – Alice can take m, and signature d_B(m) to court and prove that Bob signed m.

     Message Digests
     Computationally expensive to public-key-encrypt long messages
     Goal: fixed-length, easy to compute digital signature, “fingerprint”
     • apply hash function H to m, get fixed size message digest, H(m).
     Hash function properties:
     • Many-to-1
     • Produces fixed-size msg digest (fingerprint)
     • Given message digest x, computationally infeasible to find m such that x = H(m)
     • computationally infeasible to find any two messages m and m’ such that H(m) = H(m’).
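The step from ap3.1 to ap4.0, as an added example that is not part of the original slides: a recorded ap3.1 token stays valid on replay, while an ap4.0 answer is bound to one nonce R. HMAC-SHA256 is swapped in here for the slides' "encrypted with shared secret key", and the `Bob` class, function names, key and password are all constructed for illustration.

```python
import hashlib
import hmac
import secrets


def keyed(key: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 stands in for the slides' "encrypt with shared secret key"
    return hmac.new(key, data, hashlib.sha256).digest()


def ap31_verify(key: bytes, password: bytes, token: bytes) -> bool:
    # ap3.1: the token is the same on every login, so a recording stays valid
    return hmac.compare_digest(keyed(key, password), token)


class Bob:
    """ap4.0 verifier: issues a nonce R and accepts each R at most once."""

    def __init__(self, key: bytes):
        self.key = key
        self.outstanding = set()          # nonces issued, not yet answered

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)       # fresh, unpredictable R
        self.outstanding.add(r)
        return r

    def verify(self, r: bytes, response: bytes) -> bool:
        if r not in self.outstanding:     # unknown or already-used nonce
            return False
        self.outstanding.discard(r)       # R is used only once
        return hmac.compare_digest(keyed(self.key, r), response)


def demo() -> dict:
    key = secrets.token_bytes(32)         # constructed shared key
    password = b"constructed-password"    # constructed sample value
    recorded = keyed(key, password)       # ap3.1 token seen on the wire
    bob = Bob(key)
    r1 = bob.challenge()
    resp1 = keyed(key, r1)                # Alice's answer to R1
    return {                              # entries are evaluated in order
        "ap31_replay": ap31_verify(key, password, recorded),
        "ap40_honest": bob.verify(r1, resp1),
        "ap40_same_nonce_again": bob.verify(r1, resp1),
        "ap40_old_answer_new_nonce": bob.verify(bob.challenge(), resp1),
    }


if __name__ == "__main__":
    print(demo())
```

The nonce only stops playback; it does nothing about how Bob and Alice came to share the key, which is the drawback the ap5.0 slide picks up.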

  5. Hash Function Algorithms
     • Internet checksum would make a poor message digest.
       – Too easy to find two messages with same checksum.
     • MD5 hash function widely used.
       – Computes 128-bit message digest in 4-step process.
       – arbitrary 128-bit string x, appears difficult to construct msg m whose MD5 hash is equal to x.
     • SHA-1 is also used.
       – US standard
       – 160-bit message digest

     Digital signature = Signed message digest
     Bob sends digitally signed message:
     (figure)
     Alice verifies signature and integrity of digitally signed message:
     (figure)

     Trusted Intermediaries
     Problem:
     – How do two entities establish shared secret key over network?
     Solution:
     – trusted key distribution center (KDC) acting as intermediary between entities
     Problem:
     – When Alice obtains Bob’s public key (from web site, e-mail, diskette), how does she know it is Bob’s public key, not Trudy’s?
     Solution:
     – trusted certification authority (CA)

     Key Distribution Center (KDC)
     • Alice, Bob need shared symmetric key.
     • KDC: server shares different secret key with each registered user.
     • Alice, Bob know own symmetric keys, K_A-KDC, K_B-KDC, for communicating with KDC.
     • Alice communicates with KDC, gets session key R1, and K_B-KDC(A,R1)
     • Alice sends Bob K_B-KDC(A,R1), Bob extracts R1
     • Alice, Bob now share the symmetric key R1.

     Certification Authorities
     • Certification authority (CA) binds public key to particular entity.
     • Entity (person, router, etc.) can register its public key with CA.
       – Entity provides “proof of identity” to CA.
       – CA creates certificate binding entity to public key.
       – Certificate digitally signed by CA.
     • When Alice wants Bob’s public key:
       – gets Bob’s certificate (Bob or elsewhere).
       – Apply CA’s public key to Bob’s certificate, get Bob’s public key

     Secure e-mail
     • Alice wants to send secret e-mail message, m, to Bob.
     • generates random symmetric private key, K_S.
     • encrypts message with K_S
     • also encrypts K_S with Bob’s public key.
     • sends both K_S(m) and e_B(K_S) to Bob.
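Why the Internet checksum makes a poor message digest, as an added example that is not part of the original slides: two constructed messages with different meanings share one checksum, while the hash functions tell them apart. The sample messages and function names are constructed for illustration; SHA-256 is included alongside the MD5 and SHA-1 named on the slide.

```python
import hashlib

# Constructed sample messages: the digits 1 and 9 trade places, and both sit
# in the low byte of a 16-bit word, so the sum of the words is unchanged.
M1 = b"IOU100.99BOB"
M2 = b"IOU900.19BOB"


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                            # pad odd-length input
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]      # big-endian 16-bit word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return ~total & 0xFFFF


def digests_equal(name: str, m1: bytes, m2: bytes) -> bool:
    return hashlib.new(name, m1).digest() == hashlib.new(name, m2).digest()


def compare(m1: bytes, m2: bytes) -> dict:
    """Report, per function, whether the two messages look identical."""
    return {
        "internet_checksum": internet_checksum(m1) == internet_checksum(m2),
        "md5": digests_equal("md5", m1, m2),
        "sha1": digests_equal("sha1", m1, m2),
        "sha256": digests_equal("sha256", m1, m2),
    }


if __name__ == "__main__":
    print(hex(internet_checksum(M1)), hex(internet_checksum(M2)))
    print(compare(M1, M2))
```

Practical collision attacks on MD5 and SHA-1 have been published since these slides were written, so new designs use SHA-256 or later for signed digests.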
