Download Network security - Massey University

Network security
Foundations:
• what is security?
• cryptography
• authentication
• message integrity
• key distribution and certification
Security in practice:
• application layer: secure e-mail
• transport layer: Internet commerce, SSL, SET
• network layer: IP security
Network Security
1
Network Security
Network Entities: Friends and Enemies
[Figure: Alice and Bob communicating over an insecure medium]
• well-known in network security world
• Bob, Alice want to communicate 'securely'
• Trudy, the intruder, may intercept, delete, add messages
Routers – exchange tables
Email applications – exchange secure emails
Client-server – establish secure transport connection
What is network security?
DESIRABLE PROPERTIES OF SECURE CONNECTION
1. Secrecy: only sender, intended receiver should understand message contents
  • sender encrypts messages
  • receiver decrypts messages
2. Authentication: sender, receiver want to confirm identity of each other
3. Message Integrity: sender, receiver want to be sure message did not get altered (in transit), or get altered without detection
What is network security?
DESIRABLE PROPERTIES OF SECURE CONNECTION
4. Availability and Access Control:
  • communication can occur in the first place
  • Prevent Denial-of-Service attacks (DoS)
  • ensures network entities can gain access to resources if they have access rights and perform accesses in a well-defined manner
  • Firewall – controls access to and from the network by regulating which packets can pass into and out of the network
Network Security
CYCLE IN ACHIEVING NETWORK SECURITY
1. Protect: network communication and network resources
2. Detect: breaches of secure communication & attacks on infrastructure
3. Respond: deployment of additional protection mechanisms
Internet security threats
Sniffer – tool for capturing packets sent across wire/air
Packet sniffing:
• broadcast media (remember CSMA/CD protocol)
• promiscuous NIC reads all packets passing by
• can read all unencrypted data (e.g. passwords)
• e.g.: C sniffs B's packets
[Figure: hosts A, B and C on a shared medium; a packet with src:B dest:A and a payload is also read by C]
e.g. TCPDump, Snoop, Snort, Ethereal
Ethereal
An adapter could be set to listen in promiscuous mode.
Let’s see a sample capture file from Ethereal
Internet security threats
Spoofing: providing false information about your identity in order to gain unauthorized access to systems
IP Spoofing:
• can generate raw IP packets directly from application, putting any value into IP source address field
• receiver can't tell if source is spoofed
• e.g.: C pretends to be B
[Figure: hosts A, B and C; C sends A a packet with src:B dest:A and a payload]
Internet security threats
Attack: to reduce ability to service clients by overloading target
Denial of service (DOS):
• flood of maliciously generated packets swamp receiver
• Distributed DOS (DDOS): multiple coordinated sources swamp receiver
• e.g., C and remote host SYN-attack A
[Figure: hosts A, B and C; streams of SYN packets converge on A]
DoS
Exploits basic weakness of TCP/IP Protocol
Recall
• Attacker sends thousands and thousands of SYN packets to the victim
• Victim is forced to wait for replies that would never come.
• While the host is waiting for so many replies, it cannot accept any legitimate requests, so it becomes unavailable
The language of cryptography
[Figure 7.3: plaintext is encrypted with key KA into ciphertext, which is decrypted with key KB back into plaintext]
symmetric key crypto: sender, receiver keys identical
public-key crypto: encrypt key public, decrypt key secret
Cryptography
From Alice to Bob (SENDER):
• Plaintext message: m
• Key: KA
• Encryption algorithm
• Ciphertext: KA(m)
Bob’s side (RECEIVER):
• Encrypted message: KA(m)
• Key: KB
• Decryption algorithm
• Plaintext: m = KB(KA(m))
Symmetric key systems: KA=KB, kept secret
Public key systems: 1 key: known to the world; other key: known only by Alice or Bob (but not both)
Monoalphabetic Cipher
Substitution of letters without any regular pattern
• Any letter can be substituted with any other letter, as long as each letter has a unique substitute letter, and vice-versa
plaintext:  abcdefghijklmnopqrstuvwxyz
ciphertext: mnbvcxzasdfghjklpoiuytrewq
E.g.:
Plaintext:  bob. i love you. alice
ciphertext: nkn. s gktc wky. mgsbc
Q: How hard is it to break this simple cipher?
Better than Caesar’s cipher (shift cipher) in that there are 26! (on the order of 10^26) possible pairings of letters
Monoalphabetic Cipher
Substitution of letters without any regular pattern
• Any letter can be substituted with any other letter, as long as each letter has a unique substitute letter, and vice-versa
[Figure: letter-frequency chart with the annotations "9% of letter occurrences" and "13% of letter occurrences"]
“e” and “t” are the most frequently occurring letters in English
Two- and three-letter occurrences of letters appear quite often together (e.g. “in”, “it”, “the”, “ion”, “ing”, etc.)
If intruder has some knowledge about possible contents of the message, code is even easier to break
Symmetric key crypto: DES
DES: Data Encryption Standard
• US encryption standard [NBS 1977, NIST 1993]
• Designed by IBM; adopted by the U.S. Government for non-military and non-classified use
• 56-bit symmetric key, 64-bit plain text input
GOAL:
Completely scramble data and key so that every bit of ciphertext depends on every bit of data and every bit of the key. With a good algorithm, there should be no correlation between the ciphertext and either the original data or key.
Symmetric key crypto: DES
DES operation
initial permutation
16 identical 'rounds' of function application, each using different 48 bits of key
final permutation
• involve multiple rounds
• block cipher - plaintext is divided into blocks and use the same key to encrypt and decrypt the blocks
For encrypting longer messages: use cipher-block chaining
Symmetric key crypto: DES
• How secure is DES?
  • ’97 DES Challenge: 56-bit-key-encrypted phrase ('Strong cryptography makes the world a safer place') decrypted (brute force) in 4 months
    • After testing a quarter of the key space: 18 quadrillion keys
  • no known backdoor decryption approach
• making DES more secure
  • use three keys sequentially (3-DES) on each datum
• Successor to DES: (2001) AES: Advanced Encryption Standard
  • 128-bit block data processing; keys: 128, 192, 256 bits long
  • A machine that could crack 56-bit DES in one sec. (i.e. 2^55 per second) would approx. take 149 trillion years to crack a 128-bit AES key
Public Key Cryptography
Is it possible to communicate with encryption without having a shared secret key known in advance?
symmetric key crypto
• requires sender, receiver know shared secret key
• Q: how to agree on key in first place (particularly if never met)?
• Typical problem in the Internet
public key cryptography
• radically different approach [Diffie-Hellman76, RSA78]
• sender, receiver do not share a secret key
• encryption key public (known to all)
• decryption key private (known only to receiver)
Public key cryptography
Figure 7.7 goes here
Public key encryption algorithms
Two inter-related requirements:
1. need dB( ) and eB( ) such that dB(eB(m)) = m
2. need public and private keys for dB( ) and eB( )
RSA: Rivest, Shamir, Adleman algorithm
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e < n) that has no common factors
with z. (e, z are 'relatively prime').
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
In mathematics, a prime number (or a prime) is a natural number that has exactly two (distinct) natural number divisors, which are 1 and the prime number itself. The first 30 prime numbers are 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, and 113
RSA: Encryption, decryption
0. Given (n,e) and (n,d) as computed above
1. To encrypt bit pattern, m, compute
   c = m^e mod n (i.e., remainder when m^e is divided by n)
2. To decrypt received bit pattern, c, compute
   m = c^d mod n (i.e., remainder when c^d is divided by n)
Magic happens!
   m = (m^e mod n)^d mod n
RSA example:
Bob chooses p=5, q=7. Then n=35, z=24.
e=5 (so e, z relatively prime).
d=29 (so ed-1 exactly divisible by z).

encrypt:
letter   m    m^e      c = m^e mod n
l        12   248832   17

decrypt:
c    c^d                                    m = c^d mod n   letter
17   481968572106750915091411825223072000   12              l

c^d = 481968572106750915091411825223072000 - too big !! (int type)
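The toy key from this slide, worked in code as an added example (not part of the original slides). The function names and the a=1 … z=26 letter numbering (implied by l = 12) are assumptions of the example; it uses square-and-multiply so that the oversized c^d value is never formed.

```python
from math import gcd


def make_keys(p, q, e):
    """Steps 1-5 of 'RSA: Choosing keys' for given primes p, q and exponent e."""
    n, z = p * q, (p - 1) * (q - 1)
    if not 1 < e < n or gcd(e, z) != 1:
        raise ValueError("e must be < n and relatively prime to z")
    d = pow(e, -1, z)  # smallest d with e*d mod z == 1 (Python 3.8+)
    return (n, e), (n, d), z


def valid_d(e, d, z):
    """Step 4: ed - 1 must be exactly divisible by z."""
    return (e * d - 1) % z == 0


def modexp(base, exp, mod):
    """Square-and-multiply: base**exp % mod, reducing after every step so no
    intermediate value exceeds (mod - 1)**2. This is what keeps c^d from
    overflowing a fixed-width integer type."""
    result, base = 1, base % mod
    while exp:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result


def letter_to_int(ch):
    return ord(ch) - ord("a") + 1  # assumed numbering: a=1 ... z=26


def int_to_letter(m):
    return chr(m + ord("a") - 1)


def encrypt_text(text, public):
    n, e = public
    return [modexp(letter_to_int(ch), e, n) for ch in text]


def decrypt_ints(cipher, private):
    n, d = private
    return "".join(int_to_letter(modexp(c, d, n)) for c in cipher)


# Slide parameters: p=5, q=7, e=5 give n=35, z=24.
PUBLIC, PRIVATE, Z = make_keys(5, 7, 5)
# make_keys returns the smallest valid d, which is 5; the slide's d=29 is
# 5 + z and satisfies the same condition, so both decrypt correctly.
SLIDE_PRIVATE = (35, 29)

if __name__ == "__main__":
    cipher = encrypt_text("love", PUBLIC)
    print("ciphertext:", cipher)
    print("decrypted with d=29:", decrypt_ints(cipher, SLIDE_PRIVATE))
    print("decrypted with d=5: ", decrypt_ints(cipher, PRIVATE))
    # The naive c^d is an exact big integer in Python, but it needs far more
    # than 64 bits, which is why a C-style int cannot hold it.
    print("bits needed for 17**29:", (17 ** 29).bit_length())
    # With a modulus this small some letters encrypt to themselves.
    fixed = [ch for ch in "abcdefghijklmnopqrstuvwxyz"
             if encrypt_text(ch, PUBLIC) == [letter_to_int(ch)]]
    print("letters left unchanged by this toy key:", fixed)
```
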
RSA: how strong is it??
RSA Challenges:
• Prize offered to anyone who can break an RSA key of a certain size
• (See www.rsasecurity.com/rsalabs )
• US$200,000.00 for whoever solves a 2048 bits factorization problem. No one claimed the prize so far...
• Last challenge solved:
  • RSA-576 $10,000 Factored in 2003 by J. Franke et al.
  • Using a powerful parallel machine and very clever algorithms
• Currently RSA-1024 is commonly used in practice
• RSA key's size matters, see next...
Authentication
Process of proving one’s identity to someone else over a network
• “live” party (often routers, client-server processes)
• Cannot rely on biometric information
• Must be done solely on the basis of messages and data exchanged
• Must be performed before other protocols, e.g.:
  • Reliable data transfer protocol
  • Routing information exchange protocol
  • E-mail protocol
Next: Let’s see stepwise evolution of a design of an authentication protocol (ap)
Authentication
Goal: Bob wants Alice to prove her identity to him
Protocol ap1.0: Alice says ''I am Alice''
Failure scenario??
Authentication: using IP
Protocol ap2.0: Alice says ''I am Alice'' and sends her IP address along to prove it.
Failure scenario??
Trudy can create an operating system kernel that sends an IP datagram using Alice’s IP address, unless Trudy's first-hop router prevents it.
Authentication: Secret Password
Protocol ap3.0: Alice says ''I am Alice'' and sends her secret password to prove it.
Failure scenario?
Passwords are sent as cleartext for some applications (e.g. Telnet). Within the same LAN, it can be sniffed (WireShark).
Authentication: Encrypted Secret Password
Protocol ap3.1: Alice says ''I am Alice'' and sends her encrypted secret password to prove it.
Assumption: Symmetric key cryptography is employed
[Figure: Alice sends Bob "I am Alice" and encrypt(password), using the shared secret key]
Failure scenario?
Playback attack: Trudy records the encrypted password, then plays back the encrypted password version to Bob to pretend that she is Alice
*Password is not learned by Trudy
Pitfall: same password is used over and over again.
Playback Attack
How to solve it?
Failure Scenario:
Bob cannot distinguish between the original authentication and its playback version
Countermeasures:
Use a different password each time
• use a sequence of passwords or password generator (could be a number)
• apply encryption algorithm to each password
Bob knows: Alice is indeed sending the datagram, because she knows the secret encryption key, and she is sending it “live” because she is using the number recently generated by Bob.
Authentication: Sequence of Encrypted Secret Passwords
Nonce + Symmetric key Cryptography (Shared Secret Key)
Goal: avoid playback attack
Nonce: number (R) used only once in a lifetime
ap4.0: to prove Alice is live, Bob sends Alice nonce, R. Alice must return R, encrypted with shared secret key
Figure 7.11 goes here
Failures, drawbacks?
We have a solution! Bob knows: Alice is indeed sending the datagram, because she knows the secret encryption key, and she is sending it “live”
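ap3.1 and ap4.0 side by side, as an added example that is not part of the original slides: the same recorded message is accepted again under ap3.1 and rejected under ap4.0. Assumptions: HMAC-SHA256 stands in for "encrypted with shared secret key" (a keyed MAC substituted for encryption, since only knowledge of the key has to be proven), and the class names, key and password are constructed for the example.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-secret"   # constructed sample key
PASSWORD = b"constructed-password"   # constructed sample password


def keyed(key, data):
    """Stand-in for K(data): only a holder of the shared key can compute it."""
    return hmac.new(key, data, hashlib.sha256).digest()


class BobAp31:
    """ap3.1: Bob accepts the encrypted password, which never changes."""

    def __init__(self, key, password):
        self._expected = keyed(key, password)

    def verify(self, token):
        return hmac.compare_digest(token, self._expected)


class BobAp40:
    """ap4.0: Bob issues a fresh nonce R and accepts K(R) exactly once."""

    def __init__(self, key):
        self._key = key
        self._outstanding = set()

    def challenge(self):
        r = secrets.token_bytes(16)
        self._outstanding.add(r)
        return r

    def verify(self, r, response):
        if r not in self._outstanding:
            return False                  # unknown or already-used nonce
        self._outstanding.discard(r)      # single use, even if the check fails
        return hmac.compare_digest(response, keyed(self._key, r))


def alice_respond(key, r):
    return keyed(key, r)


def run_ap31():
    """Returns (original accepted, playback accepted)."""
    bob = BobAp31(KEY, PASSWORD)
    recorded = keyed(KEY, PASSWORD)       # what Alice sends and the LAN carries
    return bob.verify(recorded), bob.verify(recorded)


def run_ap40():
    """Returns (live accepted, playback to new nonce, playback of old nonce)."""
    bob = BobAp40(KEY)
    r1 = bob.challenge()
    recorded = alice_respond(KEY, r1)     # Alice's live answer, also recorded
    live = bob.verify(r1, recorded)
    r2 = bob.challenge()
    playback_new = bob.verify(r2, recorded)   # old answer to a fresh nonce
    playback_old = bob.verify(r1, recorded)   # old nonce presented again
    return live, playback_new, playback_old


if __name__ == "__main__":
    print("ap3.1 (original, playback):", run_ap31())
    print("ap4.0 (live, playback/new R, playback/old R):", run_ap40())
```
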
Authentication: ap5.0
Ap5.0: Nonce + Public key cryptography
ap4.0 requires shared symmetric key
– problem: how do Bob, Alice agree on key
– can we authenticate using public key techniques?
Problem: Trudy may be able to impersonate Alice
Figure 7.12 goes here
*Note: eA(dA(R)) = dA(eA(R)) = R
Eventually, Alice & Bob may find together that someone else was interacting with Bob.
ap5.0: security hole
Man (woman)-in-the-middle attack: Trudy poses as Alice (to Bob) and as Bob (to Alice)
Figure 7.14 goes here
• Alice is happy to receive encrypted message using her own public key
• Bob is happy to send encrypted data
Need 'certified' public keys (more later …)
Alice & Bob may never know that Trudy was there all along.
Digital Signatures
Cryptographic technique analogous to handwritten signatures.
• Sender (Bob) digitally signs document, establishing he is document owner/creator.
• Verifiable, non-forgeable, non-repudiable: recipient (Alice) can verify that Bob, and no one else, signed document.
Simple digital signature for message m:
• Bob encrypts m with his private key dB, creating signed message, dB(m).
• Bob sends m and dB(m) to Alice.
Digital Signatures (more)
• Suppose Alice receives msg m, and digital signature dB(m)
• Alice verifies m signed by Bob by applying Bob’s public key eB to dB(m) then checks eB(dB(m) ) = m.
• If eB(dB(m) ) = m, whoever signed m must have used Bob's private key.
Alice thus verifies that:
• Bob signed m.
• No one else signed m.
• Bob signed m and not m’.
Non-repudiation:
• Alice can take m, and signature dB(m) to court and prove that Bob signed m.
Message Digests
It is computationally expensive to public-key-encrypt long messages.
Goal: fixed-length, easy to compute digital signature, 'fingerprint'
• apply hash function H to m, get fixed size message digest, H(m).
Hash function properties:
• Many-to-1
• Produces fixed-size msg digest (fingerprint)
NON-FORGEABILITY REQUIREMENT
• Given message digest x, computationally infeasible to find m such that x = H(m)
• computationally infeasible to find any two messages m and m' such that H(m) = H(m').
Digital signature = Signed message digest
Bob sends digitally signed message:
Alice verifies signature and integrity of digitally signed message:
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:
• produces fixed-length digest (16-bit sum) of message
• is many-to-one
But given message with given hash value, it is easy to find another message with same hash value:

message      ASCII format
I O U 1      49 4F 55 31
0 0 . 9      30 30 2E 39
9 B O B      39 42 4F 42
checksum:    B2 C1 D2 AC

message      ASCII format
I O U 9      49 4F 55 39
0 0 . 1      30 30 2E 31
9 B O B      39 42 4F 42
checksum:    B2 C1 D2 AC

different messages but identical checksums!
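The slide's two messages checked in code, as an added example that is not part of the original slides. It reproduces the B2 C1 D2 AC sum over 4-byte words, shows that the 16-bit one's-complement Internet checksum (RFC 1071) collides on the same pair, and compares with a cryptographic hash; the function names are assumptions, and SHA-256 is used as the hash where the slides name MD5 and SHA-1.

```python
import hashlib


def word_sum(data, word_bytes=4):
    """Add big-endian words modulo 2**(8*word_bytes), as in the slide's table."""
    mask = (1 << (8 * word_bytes)) - 1
    total = 0
    for i in range(0, len(data), word_bytes):
        chunk = data[i:i + word_bytes].ljust(word_bytes, b"\x00")
        total = (total + int.from_bytes(chunk, "big")) & mask
    return total


def internet_checksum(data):
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += int.from_bytes(data[i:i + 2], "big")
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def compensate(msg, i, j, delta, word_bytes=4):
    """Raise byte i by delta and lower byte j by delta.

    When i and j sit in the same column of the word layout and neither byte
    wraps, every column total is unchanged, so any sum-based checksum over
    that layout is unchanged too. This is the slide's 1 <-> 9 swap in general
    form."""
    if i % word_bytes != j % word_bytes:
        raise ValueError("bytes must be in the same column")
    out = bytearray(msg)
    if not (0 <= out[i] + delta <= 255 and 0 <= out[j] - delta <= 255):
        raise ValueError("byte would wrap")
    out[i] += delta
    out[j] -= delta
    return bytes(out)


ORIGINAL = b"IOU100.99BOB"
ALTERED = compensate(ORIGINAL, 3, 7, 8)     # '1'+8 = '9' and '9'-8 = '1'


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    for msg in (ORIGINAL, ALTERED):
        print(msg.decode(),
              "sum32=%08X" % word_sum(msg),
              "inet16=%04X" % internet_checksum(msg),
              "sha256=" + sha256_hex(msg)[:16] + "...")
```
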
Hash Function Algorithms
• Internet checksum would make a poor message digest.
  • Too easy to find two messages with same checksum.
  • Even using a 128-bit CRC it would be easy to find a second message to fit to the CRC
• MD5 hash function widely used (RFC1321 with code).
  • Computes 128-bit message digest in 4-step process.
  • For any arbitrary 128-bit message digest x, it appears difficult to construct msg m whose MD5 hash is equal to x.
• SHA-1 is also used.
  • US federal standard
  • 160-bit message digest
Hash Function Algorithms
• MD5
  • Try the freeware WinMD5Free.exe
  • MD5 is a very reliable way to fingerprint a file
  • From rfc1321 (with code): ...“[The MD5 algorithm] takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message having a given pre-specified target message digest.”
Difficulty of coming up with any two messages with same message digests: order of 2^64 operations.
Given a message digest, the difficulty of coming up with any message with the same message digest is in the order of 2^128 operations.
Trusted Intermediaries
Problem:
• How do two entities establish shared secret key over network?
Solution:
• trusted key distribution centre (KDC) acting as intermediary between entities
Problem:
• When Alice obtains Bob's public key (from web site, e-mail, diskette), how does she know it is Bob's public key, not Trudy's?
Solution:
• trusted certification authority (CA)
Kerberos
• Authentication service developed at MIT (RFC 1510)
• Uses symmetric key encryption & key distribution center
• Variations & extensions to KDC
Authentication Server (AS)
Plays the role of the KDC
Repository of secret keys of all users
Repository of users’ access privileges indicating which service the user has access to, and on which network servers
Key Distribution Center (KDC)
How can Alice & Bob get a shared symmetric key in a secured way?
• Alice, Bob need shared symmetric key.
• KDC: server shares different secret key with each registered user.
• Alice, Bob know their own symmetric keys, KA-KDC, KB-KDC, for communicating with KDC.
[Figure: KDC exchange between Alice (a user) and Bob (a server); annotations: "+ R1-encrypted timestamp (nonce)" and "+ expiration time"]
• Alice communicates with KDC, gets session key R1, and KB-KDC(A,R1)
• Alice sends Bob KB-KDC(A,R1), Bob extracts R1
• Alice, Bob now share the symmetric key R1.
KDC uses the appropriate private user secret key to communicate with them.
Certification Authorities
• Certification authority (CA) binds public key to particular entity.
• Entity (person, router, etc.) can register its public key with CA.
  • Entity provides proof of identity to CA.
  • CA creates certificate binding entity to public key.
  • Certificate digitally signed by CA.
• When Alice wants Bob's public key:
  • gets Bob's certificate (from Bob or elsewhere).
  • Apply CA's public key to Bob's certificate, get Bob's public key
Certificate Sample
END OF SESSION
Firewall
Uses a combination of hardware and software components
• isolates organization's internal net from larger Internet, allowing some packets to pass, blocking others.
[Figure: firewall with the labels "gateway-to-remote host telnet session", "application gateway" and "router and filter"]
Firewall
Two firewall types:
• packet filter (network layer)
• application gateways (application layer)
To prevent denial of service attacks:
• SYN flooding: attacker establishes many bogus TCP connections.
Consequence of Attacks: host allocates TCP buffers for bogus connections, none left for real connections.
To prevent illegal modification of internal data.
• e.g., attacker replaces CIA's homepage with something else
To prevent intruders from obtaining secret info.
PACKET FILTERING
• Operates at the Network Layer
• The Internet access relies on a particular Router
• Coarse-grain filtering on IP and TCP/UDP headers
• The router can filter packets based on:
  • IP addresses
  • Domain names
  • Port numbers
  • Protocol types
  • TCP SYN and ACK bits on a TCP packet
• Operates by sequentially checking filtering rules against the datagram being inspected; the first rule matching the datagram determines the action taken
PACKET FILTERING
• Alice administers a company network 222.22.0.0/16 and, in general, wants to disallow access to her network from the public internet (R3). However, Alice collaborates with Bob and his colleagues who are at network 111.11/16. Alice wants to let users from Bob’s network access a specific subnet, 222.22.22/24 within her company’s network (R1). The problem is that Trudy belongs to Bob’s network, with subnet 111.11.11/24. Therefore, Alice doesn’t want any traffic from 111.11.11/24 entering anywhere into her network (R2).
• Packet filtering rules (ordering of evaluation is important!)

Rule  Source IP      Dest IP        Desired action  Comments
R1    111.11/16      222.22.22/24   Permit          Let datagram from Bob’s university into a restricted subnet.
R2    111.11.11/24   222.22/16      Deny            Don’t let traffic from Trudy’s subnet into anywhere within Alice’s network
R3    0.0.0.0/0      0.0.0.0/0      Deny            Don’t let traffic into Alice’s network
PACKET FILTERING
• Specifying filtering rules

Rule  Source IP      Dest IP        Desired action  Comments
R1    111.11/16      222.22.22/24   Permit          Let datagram from Bob’s university into a restricted subnet.
R2    111.11.11/24   222.22/16      Deny            Don’t let traffic from Trudy’s subnet into anywhere within Alice’s network
R3    0.0.0.0/0      0.0.0.0/0      Deny            Don’t let traffic into Alice’s network

Packet  Source IP     Dest IP       Desired action  R2,R1,R3  R1,R2,R3
P1      111.11.11.1   222.22.6.6    Deny
P2      111.11.11.1   222.22.22.2   Deny
P3      111.11.6.6    222.22.22.2   Permit
P4      111.11.6.6    222.22.6.6    Deny
PACKET FILTERING
• Operates at the Network Layer

Packet  Source IP     Dest IP       Desired action  R2,R1,R3     R1,R2,R3
P1      111.11.11.1   222.22.6.6    Deny            Deny(R2)     Deny(R2)
P2      111.11.11.1   222.22.22.2   Deny            Deny(R2)     Permit(R1)
P3      111.11.6.6    222.22.22.2   Permit          Permit(R1)   Permit(R1)
P4      111.11.6.6    222.22.6.6    Deny            Deny(R3)     Deny(R3)

• Applying more specific rules first does not always avoid unanticipated or unwanted behaviour arising from ordering issues
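The first-match evaluation behind this table, as an added example that is not part of the original slides. It replays P1 to P4 against both rule orders and also lists the rule pairs whose match sets overlap with different actions, which is where ordering can change the outcome; the function names and the default-deny fallback are assumptions, and the slide's short prefixes are written out in full (111.11/16 as 111.11.0.0/16).

```python
from ipaddress import ip_address, ip_network

# Rules R1-R3 from the slide: (source network, destination network, action).
RULES = {
    "R1": (ip_network("111.11.0.0/16"), ip_network("222.22.22.0/24"), "Permit"),
    "R2": (ip_network("111.11.11.0/24"), ip_network("222.22.0.0/16"), "Deny"),
    "R3": (ip_network("0.0.0.0/0"), ip_network("0.0.0.0/0"), "Deny"),
}

# Packets P1-P4 from the slide: (source, destination, desired action).
PACKETS = {
    "P1": ("111.11.11.1", "222.22.6.6", "Deny"),
    "P2": ("111.11.11.1", "222.22.22.2", "Deny"),
    "P3": ("111.11.6.6", "222.22.22.2", "Permit"),
    "P4": ("111.11.6.6", "222.22.6.6", "Deny"),
}


def first_match(order, src, dst):
    """Check rules in the given order; the first matching rule decides."""
    src, dst = ip_address(src), ip_address(dst)
    for name in order:
        src_net, dst_net, action = RULES[name]
        if src in src_net and dst in dst_net:
            return action, name
    return "Deny", None  # assumption: deny when nothing matches


def evaluate(order):
    """Action and deciding rule for every sample packet, e.g. 'Deny(R2)'."""
    return {p: "%s(%s)" % first_match(order, s, d)
            for p, (s, d, _) in PACKETS.items()}


def violations(order):
    """Sample packets whose action under this order differs from the desired one."""
    return [p for p, (s, d, want) in PACKETS.items()
            if first_match(order, s, d)[0] != want]


def order_sensitive_pairs():
    """Rule pairs that overlap in both source and destination but disagree on
    the action. Traffic in the overlap gets whichever rule is listed first."""
    names = list(RULES)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            src_a, dst_a, act_a = RULES[a]
            src_b, dst_b, act_b = RULES[b]
            if act_a != act_b and src_a.overlaps(src_b) and dst_a.overlaps(dst_b):
                pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for order in (["R2", "R1", "R3"], ["R1", "R2", "R3"]):
        print(",".join(order), evaluate(order),
              "violations:", violations(order))
    print("order-sensitive pairs:", order_sensitive_pairs())
```
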
PACKET FILTERING
• Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or dest port = 23.
  • All incoming and outgoing UDP flows and telnet connections are blocked.
• Example 2: Block inbound TCP segments with ACK=0.
  • Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to outside.
• Example 3: block 'ping', in order to prevent external users from finding suitable IP addresses to attack.
• Example 4: Block domain names that are known to be dangerous to users or inadequate for the scope of the institution.
APPLICATION GATEWAYS
• Application specific server through which all application data must pass
Packet Filter + Application Gateway
e.g. Force all outbound Telnet connections to pass through the application gateway
• Make policy decisions based on application data
Each Gateway = separate server with own processes
• Multiple application gateways on the same host
e.g. Telnet, HTTP, FTP, mail server, Web Cache
[Figure: labels "host-to-gateway telnet session", "application gateway", "gateway-to-remote host telnet session", "router and filter"]
APPLICATION GATEWAYS
• Filters packets on application data as well as on IP/TCP/UDP fields.
• Example: Allow only selected internal users to telnet outside.
[Figure: labels "host-to-gateway telnet session", "application gateway", "gateway-to-remote host telnet session", "router and filter"]
1. Require all telnet users to telnet through gateway.
2. For authorized users, gateway sets up telnet connection to dest host. Gateway relays data between 2 connections
3. Router filter blocks all telnet connections not originating from gateway.
Limitations of firewalls and gateways
• IP spoofing: router can't know if data really comes from claimed source
• Multiple applications need special treatment; each with its own gateway.
• Client software must know how to contact gateway.
  • e.g., must set IP address of proxy in Web browser
• Filters often use all or nothing policy for UDP.
• Trade off: degree of communication with outside world, level of security
• Many highly protected sites still suffer from attacks.
• Does not protect against the enemy from within.
Snort®
• Snort® is an open source network intrusion prevention and detection system (IDS/IPS) developed by Sourcefire. Combining the benefits of signature, protocol, and anomaly-based inspection, Snort is the most widely deployed IDS/IPS technology worldwide. With millions of downloads and nearly 400,000 registered users, Snort has become the de facto standard for IPS.
Secure e-mail
Desirable Security Features
• Confidentiality
• Sender authentication
  “I don’t love you anymore. I never want to see you again. Formerly yours, Alice”
• Message Integrity
• Receiver Authentication
Tools:
• symmetric key & public key cryptography
• Authentication
• Key Distribution
• Message Integrity
• Digital Signatures
Next: Let’s see stepwise evolution of a design of a Secure E-mail
Secure e-mail
Confidentiality
SE v1
• Alice wants to send secret e-mail message, m, to Bob.
• generates random symmetric private key, KS.
• encrypts message with KS
• also encrypts KS with Bob's public key.
• sends both KS(m) and eB(KS) to Bob.
Tools: Symmetric Session key + Public key cryptography
Secure e-mail (continued)
Confidentiality (crossed out) + Authentication + Message Integrity
SE v2
• Alice wants to provide sender authentication, message integrity.
• Alice digitally signs message.
• sends both message (in the clear) and digital signature.
Tools: Hash Function + Digital Signature
Secure e-mail (continued)
Confidentiality + Authentication + Message Integrity
SE v3
• Alice wants to provide secrecy, sender authentication, message integrity.
[Figure: SE v3 diagram; labelled parts: "Authentication + Message Integrity" and "Confidentiality measures"]
Note: Alice uses both her private key, Bob's public key.
Pretty good privacy (PGP)
• Internet e-mail encryption scheme, a de-facto standard.
• Uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.
• Provides secrecy, sender authentication, integrity.
• Inventor, Phil Zimmermann, was target of 3-year federal investigation.
dA(H(m))
A PGP signed message:
---BEGIN PGP SIGNED MESSAGE---
Hash: SHA1
Bob:(secret message)
---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3
mqJhFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---
Cryptography programs are considered munitions under US federal law and are not allowed to be exported
PGP
TOOLS
• Design: Similar to SEv3 diagram discussed
• Creation of Message Digest: MD5, SHA
• Symmetric Key Encryption: CAST, triple-DES, IDEA
• Public Key Encryption: RSA
• Compression
Pretty good privacy (PGP)
• Freely available on http://web.mit.edu/network/pgp.html
• Look also www.pgp.com
• Zimmermann has received technical awards
  • 2001: he was inducted into the CRN Industry Hall of Fame
  • 2000: InfoWorld named him one of the Top 10 Innovators in E-Business
  • 1999: Louis Brandeis Award from Privacy International
  • 1998: Lifetime Achievement Award from Secure Computing Magazine
  • 1996: the Norbert Wiener Award from Computer Professionals for promoting the responsible use of technology.
Internet Commerce Scenario
Purchasing a product from a website
[Figure: order form on the "Alice Incorporated" site with the fields Information; Product, Quantity; Address; Payment card number; password; submit]
• Intercept order, obtain Bob’s card information, then make purchases using Bob’s card; or
• Trudy could be masquerading as Alice Incorporated
Use SSL protocol to combat these problems
Secure sockets layer (SSL)
sits between Application Layer and TCP
• Originally developed by Netscape
• SSL security services:
  • server authentication
  • data encryption
  • client authentication (optional)
• SSL works at transport layer. Provides security to any TCP-based app using SSL services.
• SSL: used between WWW browsers, servers for Internet commerce (https).
• Server authentication:
  • SSL-enabled browser includes public keys for trusted CAs.
  • Browser requests server certificate, issued by trusted CA.
  • Browser uses CA's public key to extract server's public key from certificate.
• Visit your browser's security menu to see its trusted CAs.
Secure Sockets Layer (SSL)
Originally developed by Netscape
• Data encryption
• Authentication bet. Web client & Web server
Can be viewed as a layer bet. App. Layer & Transport Layer
[Figure: Web Client (browser) and SSL-enabled Web Server]
1. Handshake Phase
  • negotiates encryption algorithm
  • Authenticates server to client (or, vice-versa)
2. Data Transmission Phase
  • Encryption of data using Session keys generated during handshake phase
Secure Sockets Layer (SSL)
HIGH-LEVEL VIEW OF HANDSHAKE PHASE OF SSL
• Bob browses Alice’s secure page
• Alice sends Bob her certificate
• Bob extracts Alice’s public key
• Bob generates a random symmetric key and encrypts it using Alice’s public key
• Alice extracts the symmetric key
Secure Sockets Layer (SSL)
FEATURES
• SSL SERVER AUTHENTICATION
  • Allows the browser to authenticate the server before the user submits important information
  • Client obtains certificate from server, then checks certificate with client’s list of trusted CAs (list of trusted CAs + public keys). If found on list, client validates certificate’s integrity and extracts server’s public key
• SSL CLIENT AUTHENTICATION (Optional)
• ENCRYPTED SSL SESSION
  • encryption/decryption of all information between browser & server
  • information tampering detection
SSL (continued)
ENCRYPTED SSL SESSION
• Browser generates symmetric session key, encrypts it with server’s public key, sends encrypted key to server.
• Using its private key, server decrypts session key.
• Browser, server agree that future msgs will be encrypted.
• All data sent into TCP socket (by client or server) encrypted with session key.
• SSL: basis of IETF Transport Layer Security (TLS).
• SSL can be used for non-Web applications, e.g., IMAP.
• Client authentication can be done with client certificates.
Secure Sockets Layer (SSL)
LIMITATIONS
• Provides a popular platform (for servers and browsers) for card payment transactions
• Generic secure communication bet. server & client
• signed certificate – guarantees bona fide company
• certificate does not indicate if company is authorized to accept card payments nor if it's a reliable merchant
• Company has no assurance that card is not stolen
Secure electronic transactions (SET)
• designed for payment-card transactions over Internet.
• provides security services among 3 players:
  • customer
  • merchant
  • Merchant's bank
  All must have certificates.
• SET specifies legal meanings of certificates.
  • apportionment of liabilities for transactions
• Customer's card number passed to merchant's bank without merchant ever seeing number in plain text.
  • Prevents merchants from stealing, leaking payment card numbers.
• Three software components:
  • Browser wallet
  • Merchant server
  • Acquisition gateway
SSH (Secure Shell): an example of secure connection
• Telnet or rsh are not secure
• They transmit login/passwords over the network
• SSH is safer because it encrypts the login/password
• Authenticates the hosts
• Keeps keys on the user's local directory
• Example of known_hosts file:
hostname1,130.113.118.147 ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAsmnfyxDMN7o1UrXuvj
chDDFGRVdwRLVC+/pVoXvrVl5Byxp/GQSdWJeYzMyEyKaN
Q+IgFpiBGqnsgfk8uQJCzyJnB3nkYSAhVlz2emjuC6kuJ8
yFgoIxON4v9NVEeSgSEIua6aVBi4a4tfy2sSj15aYzWPSO
mJoG+hnt6lEaDY0
END OF SESSION
IPsec: Network Layer Security
Blanket coverage for all Internet traffic (RFC 2401, 2411)
Advantages
• Network-layer secrecy: sending host encrypts the data in IP datagram
  • TCP and UDP segments; ICMP and SNMP messages.
• Network-layer authentication
  • destination host can authenticate source IP address
• Two principal protocols:
  • authentication header (AH) protocol
  • encapsulation security payload (ESP) protocol
Necessary Precursor
• For both AH and ESP, source, destination handshake:
  • create network-layer logical channel called security association (SA)
• Each SA unidirectional.
• Uniquely determined by:
  • security protocol (AH or ESP)
  • source IP address
  • 32-bit connection ID
Authentication Header (AH) Protocol
• Provides source host authentication, data integrity, but not secrecy.
• AH header inserted between IP header and IP data field.
• Protocol field = 51.
• Intermediate routers process datagrams as usual.
AH header includes:
• connection identifier
• authentication data: signed message digest, calculated over original IP datagram, providing source authentication, data integrity.
• Next header field: specifies type of data (TCP, UDP, ICMP, etc.)
Encapsulation Security Payload (ESP) Protocol
• Provides secrecy, host authentication, data integrity.
• Data, ESP trailer encrypted.
• Next header field is in ESP trailer.
• ESP authentication field is similar to AH authentication field.
• Protocol = 50.
Network Security (summary)
Basic techniques…...
• cryptography (symmetric and public)
• authentication
• message integrity
…. used in many different security scenarios
• secure email
• secure transport (SSL)
• IP sec