Network Security

Network Security Deals with the Following Issues Secrecy (or confidentiality) No unauthorized person can see the content Authentication Determining whom you are really talking to Non-repudiation (digital signature) A person cannot deny what he/she has sent Integrity Make sure a received message has not been modified.

Attacks on Network Security Passive attack Release of message content Traffic analysis Active attack Masquerade Replay Modification of message contents Denial of service

Traditional Cryptography

One Example: Substitution Ciphers Every letter is shifted by k positions in the 26-letter alphabet list. Or using permutation to randomly map a letter to another letter. O SGCT NGX Using the properties of natural languages, decoding the above message is not difficult.

Two Fundamental Cryptographic Principles All message must contain some redundancy to prevent intruders from tricking the receiver into acting on a false message. Otherwise, a randomly generated cipher may map to a meaningful message. However, too much redundancy will make the cryptanalysts’ job easier. Some measure must be taken to prevent intruders from playing back old valid messages.

A Secret Key Algorithm: DES Data Encryption Standard (DES) is widely used in the industry. Plaintext is encrypted in blocks of 64 bits, yielding 64 bits of cipher. Key is 56 bits. (no longer considered safe) This algorithm has 19 stages. Triple DES uses E-D-E and two keys (112 bits is considered safe) for backward compatibility. (by setting k1=k2, triple DES can communicate with DES)

Double DES Can be Attacked by “Meet-in-the-Middle”

DES Block Diagram

Location of Encryption Devices

Two Locations of Encryption Devices Link encryption devices All traffic on such a link is encrypted. Both data payload and header can be encrypted. A passive intruder cannot know where a packet is headed for. However, it hurts network forwarding performance a lot. The header of a packet needs to be decrypted each time it enters the router for forwarding. Vulnerable when transmitted on a link that does not support encryption and when entering a router. End-to-end encryption devices Only the two end hosts know which traffic is important enough that it need to be encrypted. Performance is thus better. Only data payload can be encrypted. A passive intruder can know where a packet is headed for. Data payload is safe all the way from the source to the destination node.

Key Distribution is Very Important For traditional encryption to work, the communicating two party must have the same secret key before securely exchanging their data. Frequency key changes are desirable to limit the data compromised if an attacker learns the key. Therefore, the strength of any cryptographic systems depends on the key distribution technique!

Key Distribution Can Be Achieved in a Number of Ways Suppose A and B communicate with each other: A can select a key and physically deliver it to B. A third party can select a key and physically deliver it to A and B. If A and B are already using a key to communicate, one party can transmit the new key to the other, encrypted using the old key. If A and B each have an encrypted connection to a third party C, C could deliver a key on the encrypted links to A and B. Security, flexibility, and convenience determine whether a method can gain popular uses. The hardest problem is how to set up the first secret key. Public key Diffie-Hellman method

An Automatic Key Distribution Example

Message Authentication (Also Called Digital Signature) A message is said to be authentic when it is genuine and came from its alleged source. Message authentication is a procedure that allows communicating parties to verify the received message are authentic. The receiver can make sure that the message content is not altered. The receiver can make sure that the message really came from the alleged source. The sender later cannot repudiate that he/she sent this message. The receiver can make sure that the message is not a replay.

Message Can Be Authenticated by Encryption Encrypt the content of a message by a key owned by the source. The receiver uses the same key to decrypt the received message. If the decoded message looks reasonable, then this message is not altered and came from the alleged source. Advantages: Achieve confidentiality, authentication, and integrity at one time. Disadvantage: Too slow. Sometime, confidentiality is not needed. For example, authentication of computer programs to detect virus.

Authentication Messages without Encryption (Message Digests) An authentication tag is generated and appended to the message for transmission. The tag is a hash function of the content of the message and the source’s key. The content of the message need not be encrypted. Much faster than using encryption for the whole message The receiver uses the same function and key to compute a tag. If the tag is the same as the appended tag, the message is authentic. Otherwise, either the appended tag or the message content has been altered.

Message Digests Use Secure Hash Function The purpose of a hash function H is to produce a “fingerprint” of a message. Requirements: H can be applied to a block of data of any size. H produces a fixed-length output. H(x) is easy to compute, making software and hardware implementation cost low. For any given code h, it is computationally infeasible to find x such that H(x) = h. For any given block x, it is computationally infeasible to find y != x with H(x) = H(y). It is computationally infeasible to find any pair (x, y) such that H(x) = H(y). Example: SHA, MD5

Different Ways of Doing Message Digests Used by IPsec

Public-Key Cryptography Each person has two keys – one public, the other private. The sender uses the receiver’s public key to encrypt message. The receiver uses his/her private key to decrypt. No secret key distribution is needed.

Public-Key Can be Used For Message Authentication Only Bob has Bob’s private key, no one else can use Bob’s private key to encrypt a message.

Public-Key Can be Used For Both Message Authentication and Encryption

The RSA Public-Key Encryption Algorithm

The RSA Public-Key Encryption Example

The Diffie-Hellman Key Exchange to Establish a Shared Secret Key Given g, n, and g^x mod n, finding x is computationally difficult. No need to distribute secret keys!

IPv4 and IPv6 Security: IPsec IPsec provides three facilities: Authentication-only (AH) Authentication with encryption (Encapsulating Security Payload, ESP) Key management IPsec provides two modes: Transport mode Only data payload can be authenticated or/and encrypted. Packet header is exposed. Tunnel mode Both packet header and data payload can be encrypted An original packet is put into and carried as a tunnel IP packet’s data payload. Thus, the original packet header is not exposed.

Transport and Tunnel Modes

Security Association in IPsec An association is a one-way relationship between a sender and a receiver that offers security service to the traffic carried on it. For a two-way secure exchange, two associations, one for each direction, need to be set up. A security association is uniquely defined by Security parameter index (like VC ID) So that a receiving node knows which encryption/authentication algorithm should be used to process a received packet IP destination address Security protocol identifier (e.g., AH or ESP)

Authentication Header Format The authentication data stores the message digest. The calculation of the digest covers: The IP header fields that either do not change (e.g., source IP address) or that are predictable upon arrival at the receiving node (e.g., destination IP address when source routing is used). The AH header itself. The entire IP data payload.

ESP(Encapsulating Security Payload) Header Format

Security Can be Enforced At Different Layers IPsec is a security mechanism at the network layer. When used, all traffic between two nodes needs to be authenticated or encrypted. (good for VPN) However, not all traffic is important. Authentication and encryption operations hurt forwarding packet performance a lot! Secure Socket Layer (SSL) is at the transport layer. We can use SSL to connect to a secure web server only when really needed. Also, we can do authentication/encryption at the application layer. That is, we can manually authenticate and encrypt a message and then send it on a normal TCP connection.