Chapter 9: Transport Layer and Security Protocols for Ad Hoc Wireless Networks
 Introduction
 Issues
 Design Goals
 Classifications
 TCP Over Ad Hoc Wireless Networks
 Other Transport Layer Protocols
 Security in Ad Hoc Wireless Networks
 Network Security Requirements
 Issues and challenges in security
 Network security attacks
 Key Management
 Secure Routing
1
Introduction
 The objectives of a transport layer protocol include setting up of:
• End-to-end connection
• End-to-end delivery of data packets
• Flow control
• Congestion control
 Transport layer protocols
• User datagram protocol (UDP): unreliable and connection-less transport
layer protocol
• Transmission control protocol (TCP): reliable, byte-stream-based, and
connection-oriented transport layer protocol
 These traditional wired transport layer protocols are not suitable
for ad hoc wireless networks.
2
Issues
 Issues while designing a transport layer protocol for ad hoc
wireless networks:
• Induced traffic refers to the traffic at any given link due to the relay traffic
through neighboring links.
• Induced throughput unfairness refers to the throughput unfairness at the
transport layer due to the throughput/delay unfairness existing at the lower
layers such as the network and MAC layers.
• Separation of congestion control, reliability, and flow control could
improve the performance of the transport layer.
• Power and bandwidth constraints affect the performance of a transport
layer protocol.
• Misinterpretation of congestion occurs in ad hoc wireless networks.
• Completely decoupled transport layer needs to adapt to the changing
network environment.
• Dynamic topology affects the performance of a transport layer.
3
Design Goal
 The protocol should maximize the throughput per connection.
 It should provide throughput fairness across contending flows.
 It should minimize connection setup and connection maintenance
overheads.
 The protocol should have mechanisms for congestion control and
flow control in the network.
 It should be able to provide both reliable and unreliable
connections.
 The protocol should be able to adapt to the dynamics of the
network.
 One of the important resources must be used efficiently.
 The protocol should be aware of resource constraints.
 The protocol should make use of information from the lower layer.
 It should have a well-defined cross-layer interaction framework.
 The protocol should maintain end-to-end semantics.
4
Classification of Transport Layer Solutions
Transport Layer Solutions for Ad Hoc Wireless Networks
• TCP over ad hoc wireless networks
  • Split approach: Split-TCP
  • End-to-end approach: TCP-ELFN, TCP-F, TCP-BuS, ATCP
• Other transport layer approach: ACTP, ATP
5
TCP over Ad Hoc Wireless Networks
 TCP, which carries 90% of the traffic, is predominant in the Internet.
 This chapter focuses on TCP extensions in ad hoc wireless
networks.
 A transport protocol should be independent of the network layer
technology, e.g., regardless of whether fiber or radio is used.
 But TCP is optimized for wired networks -> congestion control
• TCP assumes a timeout is due to congestion
• Wireless links are not reliable; packet loss may be as high as 20%
• In a wired network, packet loss is due to congestion -> slow down
• In a wireless network, packet loss is due to wireless links -> try harder
6
Why does TCP not perform well in Ad Hoc Wireless Networks
 Misinterpretation of packet loss
 Frequent path breaks
 Effect of path length
 Misinterpretation of congestion window
 Asymmetric link behavior
 Uni-directional path: TCP ACK requires RTS-CTS-Data-ACK exchange
 Multipath routing
 Network partitioning and remerging
 The use of sliding-window-based transmission
7
TCP Over Ad Hoc Wireless Network
 Feedback-based TCP (TCP Feedback – TCP-F)
• Requires the support of a reliable link layer and a routing protocol that can
provide feedback to the TCP sender about the path breaks.
• The routing protocol is expected to repair the broken path within a
reasonable time period.
• Advantages: Simple, permits the TCP congestion control mechanism to
respond to congestion
• Disadvantages:
• If a route to the sender is not available at the failure point (FP), then
additional control packets may need to be generated for routing the route
failure notification (RFN) packet.
• Requires modification to the existing TCP.
• The congestion window after a new route is obtained may not reflect the
achievable transmission rate acceptable to the network and the TCP-F
receiver.
8
TCP Over Ad Hoc Wireless Network
 TCP with explicit link failure notification (TCP-ELFN)
• Handle explicit link failure notification
• Use TCP probe packets for detecting the route reestablishment.
• Upon detecting a link failure, the node that detects the path break
originates an ELFN to the TCP sender.
• Advantages:
• improves the TCP performance by decoupling the path break information
from the congestion information by the use of ELFN.
• Less dependent on the routing protocol and requires only link failure
notification
• Disadvantages
• When the network is partitioned, the path failure may last longer
• The congestion window after a new route is obtained may not reflect the
achievable transmission rate acceptable to the network and TCP receiver.
9
TCP Over Ad Hoc Wireless Network
 TCP with buffering capability and sequence information (TCP-BuS)
• Use feedback information from an intermediate node on detection of a path
break.
• Use localized query (LQ) and REPLY to find a partial path
• Upon detection of a path break, an upstream intermediate node originates an
explicit route disconnection notification (ERDN) message.
• Advantages
• Performance improvement and avoidance of fast retransmission
• Use on-demand routing protocol
• Disadvantages
• Increased dependency on the routing protocol and the buffering at the
intermediate nodes
• The failure of intermediate nodes may lead to loss of packets.
• The dependency of TCP-BuS on the routing protocol may degrade its
performance.
10
TCP Over Ad Hoc Wireless Network
 Ad Hoc TCP (ATCP)
• uses a network layer feedback mechanism to make the TCP sender aware of
the status of the network path
• Based on the feedback information received from the intermediate nodes, the
TCP sender changes its state to the persist state, congestion control state, or
the retransmit state.
• When an intermediate node finds that the network is partitioned, then the
TCP sender state is changed to the persist state.
• The ATCP layer makes use of the explicit congestion notification (ECN) for
maintenance of the states.
• Advantages
• Maintain the end-to-end semantics of TCP
• Compatible with traditional TCP
• Provides a feasible and efficient solution to improve throughput of TCP
• Disadvantages
• The dependency on the network layer protocol to detect the route
changes and partitions
• The addition of a thin ATCP layer to the TCP/IP protocol changes the
interface functions currently being used.
11
TCP Over Ad Hoc Wireless Network
 Split-TCP
• provides a unique solution to the channel fairness problem by splitting the
transport layer objectives into congestion control and end-to-end reliability.
• Splits a long TCP connection into a set of short concatenated TCP
connections with a number of selected intermediate nodes as terminating
points of these short connections.
• Advantages
• Improved throughput
• Improved throughput fairness
• Lessened impact of mobility
• Disadvantages
• It requires modifications to TCP protocol.
• The end-to-end connection handling of traditional TCP is violated.
• The failure of proxy nodes can lead to throughput degradation.
12
Other Transport Layer Protocols
 Application controlled transport protocol (ACTP)
• A light-weight transport layer protocol and not an extension to TCP.
• ACTP assigns the responsibility of ensuring reliability to the application
layer.
• ACTP stands in between TCP and UDP where TCP experiences low
performance with high reliability and UDP provides better performance with
high packet loss in ad hoc wireless networks.
• Advantages
• Provides the freedom of choosing the required reliability level to the application
layer.
• Scalable for large networks
• There is no congestion window
• Disadvantages
• It is not compatible with TCP.
• Could lead to heavy congestion
13
Other Transport Layer Protocols
 Ad hoc transport protocol (ATP)
• Specifically designed for ad hoc wireless networks; it is not a variant of
TCP and differs from TCP in the following ways:
• Coordination among multiple layers
• Rate based transmissions
• Decoupling congestion control and reliability
• Assisted congestion control
• ATP uses information from lower layers for
• Estimation of the initial transmission rate
• Detection, avoidance, and control of congestion
• Detection of path breaks
• Advantages: improved performance, decoupling of the congestion control
and reliability mechanisms, and avoidance of congestion window
fluctuations
• Disadvantages
• The lack of interoperability with TCP
• Fine-grained per-flow timers may cause scalability problems
14
Security in Ad Hoc Wireless Networks
 A security protocol should meet the following requirements:
• Data confidentiality/secrecy is concerned with ensuring that data is not
exposed to unauthorized users.
• Data integrity means that unauthorized users should not be able to modify
any data without the owner's permission.
• System availability means that nobody can disturb the system to make it
unusable.
• Authentication is concerned with verifying the identity of a user.
• Non-repudiation means that the sender cannot deny having sent a message
and the recipient cannot deny having received the message.
15
Security in Ad Hoc Wireless Networks
 Issues and challenges in security provisioning
• Shared broadcast radio channel: The radio channel in ad hoc wireless
networks is broadcast and is shared by all nodes in the network.
• Insecure operational environment: The operating environments where ad
hoc wireless networks are used may not always be secure. For example,
battlefields.
• Lack of central authority: There is no central monitor in ad hoc wireless
networks.
• Lack of association: A node can join and leave the network at any point.
• Limited resource availability: Resources such as bandwidth, battery power,
and computational power are scarce.
• Physical vulnerability: Nodes in these networks are usually compact and
hand-held in nature.
16
Need for Security
 Some people who cause security problems and why.
17
Security Threats
 Four types of security threats:
• Interception refers to the situation that an unauthorized party has gained
access to a service or data.
• Interruption refers to the situation in which services or data become
unavailable, unusable, or destroyed.
• Modifications involve unauthorized changing of data or tampering with a
service.
• Fabrication refers to the situation in which additional data or activity are
generated that would normally not exist.
18
Network Security Attacks
 Network Layer Attacks
• Wormhole attack: an attacker receives packets at one location in the network
and tunnels them to another location in the network.
• Blackhole attack: A malicious node could divert the packets.
• Byzantine attack: A compromised intermediate node could create routing
loops.
• Information disclosure: A compromised node may leak confidential
information to unauthorized nodes in the network.
• Resource consumption attack: A malicious node tries to consume/waste
away resources of other nodes present in the network.
• Routing attacks
• Routing table overflow: An adversary node advertises routes to nonexistent nodes.
• Routing table poisoning: The compromised nodes send fictitious routing
updates.
• Packet replication: An adversary node replicates stale packets.
• Route cache poisoning: Each node maintains a route cache that can be
poisoned by an adversary node.
• Rushing attack: On-demand routing protocols that use duplicate
suppression during the route discovery process are vulnerable to this
attack.
19
Network Security Attacks
 Transport Layer Attacks
• Session hijacking: An adversary takes control over a session between two
nodes.
 Application Layer Attacks
• Repudiation: Repudiation refers to the denial or attempted denial by a node
involved in a communication.
 Other Attacks
• Multi-layer attacks could occur in any layer of the network protocol stack.
• Denial of service: An adversary attempts to prevent authorized users
from accessing the service.
– Jamming: Transmitting signals on the frequency of senders and
receivers to hinder the communication.
– SYN flooding: An adversary sends a large number of SYN packets to a
victim node.
– Distributed DoS attack: Several adversaries attack a service at the
same time.
• Impersonation: An adversary pretends to be another node.
• Device tampering: Mobile devices get damaged or stolen easily.
20
Network Security Attacks
Security Attacks
• Passive attacks: Snooping
• Active attacks
  • MAC layer attacks: Jamming
  • Network layer attacks: Wormhole attack, Blackhole attack, Byzantine attack,
    Information disclosure, Resource consumption attack, Routing attacks
  • Transport layer attacks: Session hijacking
  • Application layer attacks: Repudiation
  • Other attacks: DoS, Impersonation, Manipulation of network traffic,
    Device tampering
21
Key Management
 Cryptography is one of the most common and reliable means to
ensure security.
 The purpose of cryptography is to take a message or a file, called
the plaintext (P), and encrypt it into the ciphertext (C) in such a
way that only authorized people know how to convert it back to
the plaintext.
 The secrecy depends on parameters to the algorithms called keys.
 The four main goals of cryptography are confidentiality, integrity,
authentication, and non-repudiation.
 Usually, the encryption method E is made public, but let the
encryption as a whole be parameterized by means of a key k (same
for decryption).
 Three types of intruders:
• Passive intruder only listens to messages.
• Active intruder can alter messages.
• Active intruder can insert messages.
22
Cryptography
Intruders and eavesdroppers in communication.
23
Cryptography
 There are two major kinds of cryptographic algorithms:
• Symmetric (secret-key) system: Use a single key to (1) encrypt the
plaintext and (2) decrypt the ciphertext. Requires that sender and receiver
share the secret key.
• Asymmetric (public-key) system: Use different keys for encryption and
decryption, of which one is private, and the other public.
 Hashing system: Only encrypt data and produce a fixed-length
digest. There is no decryption; only comparison is possible.
Notation    Description
KA,B        Secret key shared by A and B
K A         Public key of A
K A         Private key of A
24
Cryptography Functions
 Cryptography functions
• Secret key (symmetric cryptography, e.g., DES)
• Public key (asymmetric cryptography, e.g., RSA)
• Hashing (one-way function - message digest, e.g., MD5)
 Security services
• Privacy (Secrecy): preventing unauthorized release of information
• Authentication: verifying identity of the remote participant
• Integrity: making sure message has not been altered
[Figure: Security divides into cryptography algorithms (secret key, e.g., DES; public key, e.g., RSA; message digest, e.g., MD5) and security services (privacy, authentication, message integrity).]
25
Symmetric Cryptosystems
 Substitution cipher: each letter or group of letters is replaced by
another letter or group of letters
• Caesar cipher: rotate the letter (a -> D, b -> E, c -> F, z -> C).
• Example: attack -> DWWDFN
• Monoalphabetic substitution
• Each letter replaced by different letter
Plaintext: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Ciphertext: QWERTYUIOPASDFGHJKLZXCVBNM
• Disadvantage: It does not smooth out frequencies in the cipher text.
• Polyalphabetic cipher – use multiple cipher alphabets.
26
Secret-Key Cryptography
 Transposition cipher: reorder the letters, but don't disguise them.
• Select a key
M E G A B U C K
7 4 5 1 2 8 3 6
p l e a s e t r
a n s f e r o n
e h u n d r e d
Plain text: pleasetransferonehundred
Cipher text: afnsedtoelnhesurndpaeerr
27
Transposition Ciphers
 A transposition cipher.
28
One-Time Pads
The use of a one-time pad for encryption and the possibility of
getting any possible plaintext from the ciphertext by the use of
some other pad.
29
Symmetric Cryptosystems: DES
 Data Encryption Standard (DES) was developed by IBM and
adopted as a US national standard in 1977.
• The encryption function maps a 64-bit plaintext input into a 64-bit encrypted
output using a 56-bit master key.
• The DES algorithm is difficult to break using analytical methods (the
rationale behind the design has never been clearly explained). Using a brute-force
attack will do the job because the key length is 56 bits. In June 1997, it
was successfully cracked. Only used for the protection of low-value
information.
 Triple-DES: apply DES three times with another two different keys.
Gives strength against brute-force attacks.
 Advanced Encryption Standard (AES).
• In 1997, the US NIST (National Institute of Standards and Technology) issued
an invitation for Advanced Encryption Standard (AES).
• NIST announced the approval of the Federal Information Processing Standard
(FIPS) for the Advanced Encryption Standard, FIPS-197.
• This standard specifies Rijndael algorithm (blocks of 128 bits) as a FIPS-approved
symmetric encryption algorithm that may be used by U.S.
Government organizations (and others) to protect sensitive information.
• The algorithm has been designed to be fast enough so that it can even be
implemented on smart cards.
30
Data Encryption Standard
 The data encryption standard. (a) General outline.
(b) Detail of one iteration. The circled + means exclusive OR.
31
Triple DES
 (a) Triple encryption using DES. (b) Decryption.
32
Stream Cipher Mode
 A stream cipher. (a) Encryption. (b) Decryption.
33
Cryptanalysis
 Some common symmetric-key cryptographic algorithms.
34
Public-Key Cryptography
 Asymmetric (Public-key) cryptography uses an encryption
algorithm E and a decryption algorithm D such that deriving D is
effectively impossible even with a complete description of E. You
can encrypt without knowing how to decrypt.
 Requirements:
• D (E(P)) = P
• It is extremely difficult to deduce the decryption key from the encryption
key.
• E cannot be broken by a plaintext attack.
 All users pick a public key/private key pair
• publish the public key
• private key not published
 Public key is the encryption key
• private key is the decryption key
35
Public-Key Cryptosystems: RSA
 RSA
• RSA, named after its inventors Rivest, Shamir, and Adleman, is a public-key
cryptographic algorithm.
• The security of RSA comes from the fact that no methods are known to
efficiently find the prime factors of large numbers.
• For example, 2100 can be written as 2100 = 2 x 2 x 3 x 5 x 5 x 7 making 2,
3, 5, and 7 the prime factors in 2100.
• In RSA, the private and public keys are constructed from very large prime
numbers. It turns out breaking RSA is equivalent to finding those two prime
numbers.
36
Public-Key Cryptosystems: RSA
 Generating the private and public key requires four steps:
1. Choose two very large prime numbers, p and q
2. Compute n = p x q and z = (p – 1) x (q – 1)
3. Choose a number d that is relatively prime to z (that is, such that d has no
common factors with z)
4. Compute the number e such that e x d = 1 mod z
 Group P into blocks such that C = P^e (mod n) and P = C^d (mod n)
where 0 <= P < n
37
Public-Key Cryptography
 Example:
p=13 q=17 -> n = 13 x 17 = 221
z = (13 – 1) x (17 – 1) = 192.
let d=5 (prime to z)
e x d = 1 mod 192, so e x d is one of 1, 193, 385, ...
385 is divisible by d
e = 385/5 = 77
 Example:
p=3 q=11 -> n = 3 x 11 = 33
z = (3 – 1) x (11 – 1) = 20.
let d=7 (prime to z)
7 x e mod 20 = 1 -> e=3
C = P^3 (mod 33), P = C^7 (mod 33)
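The four key-generation steps and both numeric examples above, as an added example that is not part of the original slides. The function names and the letter encoding a=1 ... z=26 are assumptions; the last function shows, for these toy moduli only, why knowing the factors of n is enough to recompute d.

```python
from math import gcd, isqrt


def make_keys(p, q, d):
    """Steps 1-4 from the slide: returns (n, e, d) for chosen primes p, q and d."""
    n = p * q
    z = (p - 1) * (q - 1)
    if gcd(d, z) != 1:
        raise ValueError("d must be relatively prime to z")
    e = pow(d, -1, z)  # the e with e x d = 1 mod z (Python 3.8+)
    return n, e, d


def text_to_blocks(text):
    """Constructed encoding for the demo: a=1 ... z=26, one letter per block."""
    return [ord(ch) - ord("a") + 1 for ch in text.lower() if ch.isalpha()]


def encrypt_blocks(blocks, e, n):
    """C = P^e (mod n) for every block, with the slide's condition 0 <= P < n."""
    if any(not 0 <= block < n for block in blocks):
        raise ValueError("every block must satisfy 0 <= P < n")
    return [pow(block, e, n) for block in blocks]


def decrypt_blocks(blocks, d, n):
    """P = C^d (mod n) for every block."""
    return [pow(block, d, n) for block in blocks]


def recover_d_by_factoring(n, e):
    """Trial division finds p and q at once because n is tiny; with them the
    private exponent follows from the public key alone. Real moduli are chosen
    large enough that this search is infeasible."""
    p = next(k for k in range(2, isqrt(n) + 1) if n % k == 0)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    n, e, d = make_keys(3, 11, 7)
    cipher = encrypt_blocks(text_to_blocks("attack"), e, n)
    # Equal letters give equal blocks: per-letter textbook RSA is deterministic,
    # so it behaves like a monoalphabetic substitution.
    print(n, e, cipher, decrypt_blocks(cipher, d, n))
    print(make_keys(13, 17, 5), recover_d_by_factoring(221, 77))
```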
38
RSA
 An example of the RSA algorithm.
39
Hashing system
 Hashing System
• One-way function: Given some output m_out of E_S, it is (analytically or)
computationally infeasible to find m_in
• Weak collision resistance: Given an input m and its associated output h =
H(m) it is computationally infeasible to find an m’ such that H(m) = H(m’).
• Strong collision resistance: given only H, it is computationally infeasible to
find any two different inputs m and m’ such that H(m) = H(m’).
 One way function:
• Function such that given formula for f(x)
• easy to evaluate y = f(x)
• But given y
• computationally infeasible to find x
• Example: Those functions used in public-key cryptography.
40
Digital Signatures
 Digital signatures make it possible to sign email messages and
other digital documents in such a way that they cannot be
repudiated by the sender later.
 Steps to use digital signatures:
• The sender runs the document through a one-way hashing algorithm
• The sender applies his private key to the hash to get D(hash). This is
called the signature block.
• The receiver computes the hash of the document using MD5 or SHA and
then applies the sender’s public key to the signature block to get
E(D(hash)). Compare hash and E(D(hash)).
41
Digital Signatures
(b)
 Computing a signature block
 What the receiver gets
42
Digital Signatures
 The most popular hashing functions used are:
• MD5 (Message Digest) which produces a 16-byte result.
• SHA (Secure Hash Algorithm) which produces a 20-byte result.
 The public key is usually published. To avoid altering, message
senders can attach a certificate to the message, which contains:
• The user’s name
• The public key
• Digitally signed by a trusted third party
43
Hash Functions
 Secure Hash Algorithm (SHA),
• which produces a 256-bit message digest. This provides protection of the
integrity of encrypted files as well as public key files.
• SHA was developed by the NIST in the United States, who announced the
approval of FIPS 180-2, Secure Hash Standard, containing the
specifications for the Secure Hash Algorithm SHA-256.
 MD5
• MD5 (Message Digest 5) is an algorithm that is used to verify data integrity
through the creation of a 128-bit message digest from data input which may
be a message of any length.
• MD5, which was developed by Professor Ronald L. Rivest of MIT, is
intended for use with digital signature applications, which require that large
files must be compressed by a secure method before being encrypted with a
secret key, under a public key cryptosystem.
• MD5 is currently a standard, Internet Engineering Task Force (IETF)
Request for Comments (RFC) 1321.
44
Certificates
 A possible certificate and its signed hash.
45
X.509
 X.509 is the ITU-T (International Telecommunications Union-T)
standard for Digital Certificates.
 The basic fields of an X.509 certificate.
46
Public-Key Infrastructures
 A Public Key Infrastructure (PKI) integrates software, hardware,
encryption technologies and services for managing the
cryptographic infrastructure and users' public keys.
(a) A hierarchical PKI. (b) A chain of certificates.
47
IPsec (IP Security)
 The IPsec authentication header in transport mode for IPv4.
48
IPsec (2)
(a) ESP in transport mode. (b) ESP in tunnel mode.
49
Firewalls
Rest of the Internet
Firewall
Local site
 A firewall is a set of related programs, located at a network
gateway server, that protects the resources of a private network
from users from other networks.
50
Firewalls
 A firewall consisting of two packet filters and an application
gateway.
51
Virtual Private Networks
(a) A leased-line private network. (b) A virtual private network.
52
802.11 Security
 Packet encryption using WEP.
53
Secure Channels and Authentication
Protocols
 Goal: Set up a channel allowing for secure communication
between two processes.
• They both know who is on the other side (authenticated).
• They both know that messages cannot be tampered with (integrity).
• They both know messages cannot leak away (confidentiality).
 Authentication Protocols
• Authentication Based on a Shared Secret Key
• Establishing a Shared Key: Diffie-Hellman
• Authentication Using a Key Distribution Center
• Authentication Using Kerberos
• Authentication Using Public-Key Cryptography
54
Authentication versus Integrity
 Note: Authentication and data integrity rely on each other.
Consider an active attack by Trudy on the communication from
Alice to Bob.
 Authentication without integrity: Alice's message is authenticated,
and intercepted by Trudy, who tampers with its content, but leaves
the authentication part as is. Authentication has become
meaningless.
 Integrity without authentication: Trudy intercepts a message from
Alice, and then makes Bob believe that the content was really sent
by Trudy. Integrity has become meaningless.
 Question: What can we say about confidentiality versus
authentication and integrity?
55
Authentication: Secret Keys
1. Alice sends ID to Bob
2. Bob sends challenge RB (i.e. a random number) to Alice
3. Alice encrypts RB with shared key KA,B . Now Bob knows he's
talking to Alice
4. Alice sends challenge RA to Bob
5. Bob encrypts RA with KA,B . Now Alice knows she's talking to
Bob
6. Note: We can improve the protocol by combining steps 1&4, and
2&3. This costs only the correctness.
56
Authentication (1)
 Authentication based on a shared secret key.
 Two-way authentication using a challenge-response protocol.
57
Authentication (2)
 Authentication based on a shared secret key, but using three instead
of five messages.
 A shortened two-way authentication protocol
58
Authentication: The Reflection Attack
1. Chuck sends (A (Alice ID), RC) to Bob.
2. Bob sends (RB, KA,B (RC)) to Chuck.
3. Chuck sends (A, RB) to Bob.
4. Bob sends (RB2, KA,B (RB)) to Chuck.
5. Chuck sends KA,B (RB) to Bob.
6. Bob thought Chuck is Alice.
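The six steps above run against a toy responder, next to one hardened variant, as an added example that is not part of the original slides. Assumptions: HMAC-SHA256 stands in for encryption under KA,B, the key is constructed, all class and function names are hypothetical, and binding the sender's role into each answer is one common mitigation rather than a fix given on the slides.

```python
import hashlib
import hmac
import itertools
import secrets

KEY_AB = b"constructed demo key shared by Alice and Bob"


def keyed(key, *fields):
    """Stand-in for K_A,B(...): HMAC-SHA256 over length-prefixed fields."""
    data = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, data, hashlib.sha256).digest()


class Bob:
    """Responder of the shortened three-message protocol."""

    def __init__(self, key, bind_role):
        self.key = key
        self.bind_role = bind_role      # False: protocol as on the slide
        self._ids = itertools.count(1)
        self._pending = {}              # session id -> challenge R_B

    def _answer(self, role, challenge):
        if self.bind_role:
            # Hardened: the answer also says which side produced it.
            return keyed(self.key, role, challenge)
        return keyed(self.key, challenge)

    def hello(self, claimed_id, r_peer):
        """Messages 1 and 2: receive (ID, R_peer), reply (R_B, K(R_peer))."""
        sid = next(self._ids)
        r_b = secrets.token_bytes(16)
        self._pending[sid] = r_b
        return sid, r_b, self._answer(b"responder", r_peer)

    def finish(self, sid, proof):
        """Message 3: accept only the initiator's answer to this session's R_B."""
        r_b = self._pending.pop(sid)
        return hmac.compare_digest(proof, self._answer(b"initiator", r_b))


def honest_alice(bob, key):
    """A key holder completes the exchange and also checks Bob's answer."""
    r_a = secrets.token_bytes(16)
    sid, r_b, bob_answer = bob.hello(b"A", r_a)
    role = (b"responder",) if bob.bind_role else ()
    if not hmac.compare_digest(bob_answer, keyed(key, *role, r_a)):
        return False
    role = (b"initiator",) if bob.bind_role else ()
    return bob.finish(sid, keyed(key, *role, r_b))


def reflected_login(bob):
    """The six steps above; the caller never holds K_A,B."""
    r_c = secrets.token_bytes(16)
    sid1, r_b, _ = bob.hello(b"A", r_c)              # steps 1-2
    _sid2, _r_b2, reflected = bob.hello(b"A", r_b)   # steps 3-4
    return bob.finish(sid1, reflected)               # steps 5-6


if __name__ == "__main__":
    for bind_role in (False, True):
        print("bind_role =", bind_role,
              "| key holder accepted:", honest_alice(Bob(KEY_AB, bind_role), KEY_AB),
              "| reflection accepted:", reflected_login(Bob(KEY_AB, bind_role)))
```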
59
Authentication (3)
 The reflection attack.
60
Establishing a Shared Key:
The Diffie-Hellman Key Exchange
 The Diffie-Hellman key exchange.
61
Establishing a Shared Key:
The Diffie-Hellman Key Exchange
 The bucket brigade or man-in-the-middle attack.
62
The principle of using a KDC
 The problem of using a shared key is scalability.
 Key Distribution Center (KDC) is used for key distribution and
shares a secret key with each host.
 KDC operation:
1. Alice sends (A, B) to the KDC.
2. The KDC sends KA,KDC ( KA,B ) to Alice and KB,KDC ( KA,B ) to Bob.
• Drawbacks: Alice may want to start setting up a new secure channel and
KDC is required to get Bob into the loop.
 Solution: Pass KB,KDC ( KA,B ) to Alice and let Alice send it to Bob.
The message KB,KDC ( KA,B ) is known as a ticket.
63
Authentication Using a Key Distribution
Center (1)
 The principle of using a KDC.
64
Authentication Using a Key Distribution
Center (2)
 Using a ticket and letting Alice set up a connection to Bob.
65
Authentication Using a Key Distribution
Center
 The following figure is an example of the Needham-Schroeder
authentication protocol.
 The challenge RA1 that Alice sends to the KDC is known as a
nonce. A nonce is a random number that is used only once and
is used to uniquely relate two messages.
66
Authentication Using a Key Distribution
Center (3)
 The Needham-Schroeder authentication protocol.
67
Authentication Using a Key Distribution
Center (4)
 Protection against malicious reuse of a previously generated
session key in the Needham-Schroeder protocol.
68
Authentication Using a Key Distribution
Center (3)
 The Otway-Rees authentication protocol (slightly simplified).
69
Authentication Using Kerberos
 The operation of Kerberos V4.
70
Authentication Using Public-Key
Cryptography
 Mutual authentication in a public-key cryptosystem.
71
Authentication Using Public-Key
Cryptography
 Mutual authentication using public-key cryptography.
72
Cryptography Practice
 Compare RSA to DES:
• Encrypting a message using RSA is much slower than using DES
• RSA is mostly used only for exchanging shared keys
 Pretty Good Privacy (PGP) is a popular program used to encrypt
and decrypt e-mail over the Internet.
• It can also be used to send an encrypted digital signature that lets the
receiver verify the sender's identity and know that the message was not
changed en route.
• Available both as freeware and in a low-cost commercial version.
• PGP is the most widely used privacy-ensuring program by individuals and
is also used by many corporations. Developed by Philip R. Zimmermann in
1991, PGP has become a de facto standard for e-mail security.
• PGP can also be used to encrypt files being stored so that they are
unreadable by other users or intruders.
73
Cryptography Example
 Pretty Good Privacy (PGP) is a popular program used to encrypt
and decrypt e-mail over the Internet.
 Transport Layer Security (TLS) is a protocol that ensures
privacy between communicating applications and their users on
the Internet.
 The Secure Sockets Layer (SSL) is a commonly-used protocol
for managing the security of a message transmission on the
Internet.
 HTTPS (Hypertext Transfer Protocol over Secure Socket Layer,
or HTTP over SSL) is a Web protocol developed by Netscape
and built into its browser that encrypts and decrypts user page
requests as well as the pages that are returned by the Web server.
74
PGP – Pretty Good Privacy
 PGP in operation for sending a message.
75
PGP – Pretty Good Privacy (2)
 A PGP message.
76
SSL—The Secure Sockets Layer
 Layers (and protocols) for a home user browsing with SSL.
77
SSL (2)
 A simplified version of the SSL connection establishment
subprotocol.
78
SSL (3)
 Data transmission using SSL.
79
Key Management Approaches
 Key predistribution: Keys are distributed to all participants
before the communication.
 Key transport: Keys are generated in one communication entity
and transported to all participants.
 Key arbitration: Keys are created and distributed by a central
arbitrator to all participants.
 Key agreement: Participants agree on a secret key for the further
communications.
 While keys are encrypted by key encryption keys (KEKs), data
traffic is encrypted by traffic encryption keys (TEKs).
80
Key Management in Ad Hoc Wireless Networks
 Password-based Group Systems
• A long string is given as the password for users for one session.
• A strong key is derived from the weak passwords given by the participants.
• It could be for two-party or for the whole group with a leader.
 Threshold Cryptography
• Public key infrastructure (PKI) enables the easy distribution of keys and is a
scalable method. Each node has a public/private key pair, and a certifying
authority (CA) can bind the keys to the particular node.
• A scheme based on threshold cryptography by which n servers exist out of
which any (t + 1) servers can jointly perform any arbitration or
authorization successfully, but t servers cannot perform the same. So up to t
compromised servers can be tolerated.
 Self-Organized Public Key Management for Mobile Ad Hoc
Networks
• The users issue certificates to each other based on personal acquaintance.
• A certificate is a binding between a node and its public key and issued for a
specific period of time.
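The (t + 1)-of-n property described under Threshold Cryptography above, shown with Shamir secret sharing as an added example that is not part of the original slides; the choice of Shamir's scheme, the field prime and all function names are assumptions. A deployed threshold CA has its servers compute partial results instead of rebuilding the key in one place; the code rebuilds it only to show which server subsets hold enough information.

```python
import secrets
from itertools import combinations

PRIME = 2**127 - 1  # field modulus (a Mersenne prime); secrets must be below it


def split_secret(secret, n, t):
    """Give each of n servers one point on a random degree-t polynomial whose
    constant term is the secret; any t + 1 points determine the polynomial."""
    if not 0 <= t < n:
        raise ValueError("need 0 <= t < n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(t)]

    def evaluate(x):
        acc = 0
        for coeff in reversed(coeffs):  # Horner's rule
            acc = (acc * x + coeff) % PRIME
        return acc

    return [(x, evaluate(x)) for x in range(1, n + 1)]


def combine(shares):
    """Lagrange interpolation at x = 0 over the given (x, y) shares."""
    result = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        result = (result + yi * num * pow(den, -1, PRIME)) % PRIME
    return result


def threshold_check(secret, n, t):
    """Returns (every group of t + 1 servers recovers the secret,
    some group of only t servers recovers it)."""
    shares = split_secret(secret, n, t)
    enough = all(combine(list(group)) == secret
                 for group in combinations(shares, t + 1))
    too_few = any(combine(list(group)) == secret
                  for group in combinations(shares, t))
    return enough, too_few


if __name__ == "__main__":
    ca_key = 123456789  # constructed stand-in for the CA's signing key
    # n = 5 servers tolerate up to t = 2 compromised ones.
    print(threshold_check(ca_key, n=5, t=2))
```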
81
Secure Routing in Ad Hoc Wireless Networks
 Requirements of a secure routing protocol for ad hoc wireless
networks
• Detection of malicious nodes
• Guarantee of correct route discovery
• Confidentiality of network topology
• Stability against attacks
 Secure routing protocols:
• Security-aware ad hoc routing protocol (SAR) uses security as one of the
key metrics in path finding. SAR defines level of trust as a measure for
routing establishment.
• Secure efficient ad hoc distance vector routing protocol (DSDV) uses a
one-way hash function and is designed to overcome DoS.
• Authenticated routing for ad hoc networks (ARAN) is based on
cryptographic certificates.
82
Social Issues: Anonymous Remailers
 Users who wish anonymity chain requests through multiple
anonymous remailers.
83
Social Issues: Freedom of Speech
 Possibly banned material:
1. Material inappropriate for children or teenagers.
2. Hate aimed at various ethnic, religious, sexual, or other groups.
3. Information about democracy and democratic values.
4. Accounts of historical events contradicting the government's version.
5. Manuals for picking locks, building weapons, encrypting messages, etc.
84
Covert Channels
 Pictures appear the same but information is hidden in the image.
It is called steganography.
 Picture on right has text of 5 Shakespeare plays
• encrypted, inserted into low order bits of color values
[Figure labels: Zebras; Hamlet, Macbeth, Julius Caesar, Merchant of Venice, King Lear]
85