ICT 6621: Advanced Networking. Khaled Mahbub, IICT, BUET, 2008. Lecture 12: Network Security (2)

Outline
- Network Security Concepts
- Principles of cryptography
- Authentication
- Integrity
- Key Distribution and certification
- Security in different layers
  – E-mail Security (Application)
  – Web Security: SSL, the Secure Sockets Layer (Application/Transport)
  – Communication Security (Network/Data Link): IPSec, Firewalls

Trusted Intermediaries
- Symmetric key problem: how do two entities establish a shared secret key over the network?
  – Solution: a trusted key distribution center (KDC) acting as intermediary between the entities.
- Public key problem: when A obtains B's public key (from a web site, e-mail, or diskette), how does A know it is B's public key and not C's?
  – Solution: a trusted certification authority (CA).

Key Distribution Center (KDC)
- A and B need a shared symmetric key.
- KDC: a server that shares a different secret key with each registered user (many users).
- A and B know their own symmetric keys, K_A-KDC and K_B-KDC, for communicating with the KDC.
[Figure: the KDC holds K_A-KDC, K_B-KDC, K_P-KDC, K_X-KDC, K_Y-KDC, K_Z-KDC; users A, B and P each hold only their own key.]

Key Distribution Center (KDC)
Q: How does the KDC allow A and B to determine a shared symmetric secret key to communicate with each other?
1. A → KDC: K_A-KDC(A, B)
2. KDC generates R1 and replies to A: K_A-KDC(R1, K_B-KDC(A, R1)). A now knows R1.
3. A → B: K_B-KDC(A, R1). B decrypts it and knows to use R1 to communicate with A.
4. A and B communicate using R1 as the session key for shared symmetric encryption.
Kerberos is an authentication service developed at MIT that uses symmetric key encryption techniques and a Key Distribution Center. The Kerberos Authentication Server (AS) plays the role of the KDC.
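The exchange above, simulated end to end as an added example (this is not the lecture's code). The symmetric cipher standing in for K_X-KDC(...) is a constructed keystream-XOR with an HMAC-SHA256 tag built from Python's standard library only, and the keys and user names are constructed. The point it shows is that A never learns K_B-KDC, B never learns K_A-KDC, and a party holding the wrong key cannot open either message, yet A and B end up with the same R1:

```python
"""Toy KDC exchange: K_A-KDC(A,B) -> K_A-KDC(R1, K_B-KDC(A,R1)) -> K_B-KDC(A,R1).
The cipher below is a constructed demo (keystream XOR + HMAC tag), not a
production primitive; it only has to make 'wrong key' fail loudly."""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """K(plaintext): nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    """Reject anything not produced under `key`; this is what lets B trust the ticket."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class KDC:
    """Shares a different long-term secret key with every registered user."""

    def __init__(self):
        self.keys = {}

    def register(self, name: str) -> bytes:
        self.keys[name] = os.urandom(32)          # K_name-KDC (constructed)
        return self.keys[name]

    def handle_request(self, requester: str, blob: bytes) -> bytes:
        # Step 1: the requester sent K_A-KDC(A, B); only the right key opens it.
        a, b = json.loads(sym_decrypt(self.keys[requester], blob))
        if a != requester:
            raise ValueError("name inside the request does not match the sender")
        r1 = os.urandom(32)                        # fresh session key R1
        ticket = sym_encrypt(self.keys[b], json.dumps([a, r1.hex()]).encode())  # K_B-KDC(A, R1)
        # Step 2: K_A-KDC(R1, K_B-KDC(A, R1))
        return sym_encrypt(self.keys[a], json.dumps([r1.hex(), ticket.hex()]).encode())


def run_exchange(kdc: KDC, k_a: bytes, k_b: bytes, message: bytes) -> dict:
    """A obtains R1, forwards the ticket to B, then A and B talk under R1."""
    request = sym_encrypt(k_a, json.dumps(["A", "B"]).encode())
    reply = kdc.handle_request("A", request)
    r1_hex, ticket_hex = json.loads(sym_decrypt(k_a, reply))
    r1_a = bytes.fromhex(r1_hex)
    # Step 3: A forwards the ticket (which she cannot read) to B; B opens it with K_B-KDC.
    peer, r1_hex_b = json.loads(sym_decrypt(k_b, bytes.fromhex(ticket_hex)))
    r1_b = bytes.fromhex(r1_hex_b)
    # Step 4: both hold R1; A encrypts an application message with it and B decrypts.
    received = sym_decrypt(r1_b, sym_encrypt(r1_a, message))
    return {"peer_seen_by_B": peer, "same_key": r1_a == r1_b, "received": received}
```

The ticket K_B-KDC(A, R1) is opaque to A, and forwarding it unchanged is what lets B trust that R1 came from the KDC and is meant for talking to A. A real Kerberos ticket additionally carries timestamps and a lifetime so that an old ticket cannot be replayed; that part is left out here.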

Certification Authorities
- Certification authority (CA): binds a public key to a particular entity, E.
- E (a person, a router) registers its public key with the CA.
  – E provides "proof of identity" to the CA.
  – The CA creates a certificate binding E to its public key.
  – The certificate, containing E's public key, is digitally signed by the CA: the CA says "this is E's public key".
[Figure: B's public key K_B+ and B's identifying information are signed (encrypted) with the CA's private key K_CA-, producing a certificate for B's public key, signed by the CA.]

Certification Authorities
When A wants B's public key:
- gets B's certificate (from B's Web page, an e-mail message, or elsewhere);
- applies the CA's public key to B's certificate to get B's public key.
[Figure: the digital signature on the certificate is decrypted with the CA's public key K_CA+, yielding B's public key K_B+.]

A Certificate Contains
Field               Description
version             version number of the X.509 specification (standard for certification, developed by the IETF)
serial number       CA-issued unique identifier for a certificate
signature           specifies the algorithm used by the CA to "sign" this certificate
issuer name         identity of the CA issuing this certificate
validity period     start and end of the period of validity for the certificate
subject name        identity of the entity whose public key is associated with this certificate
subject public key  the subject's public key as well as an indication of the public key algorithm (and algorithm parameters) to be used with this key


Secure e-mail
A wants to send a confidential e-mail, m, to B.
[Figure: A computes K_S(m) and K_B+(K_S) and sends both over the Internet; B recovers K_S with K_B- and then m with K_S.]
A:
- generates a random symmetric private key, K_S;
- encrypts the message with K_S;
- also encrypts K_S with B's public key;
- sends both K_S(m) and K_B+(K_S) to B.

Secure e-mail
A wants to send a confidential e-mail, m, to B.
B:
- uses his private key to decrypt K_B+(K_S) and recover K_S;
- uses K_S to decrypt K_S(m) to recover m.

Secure e-mail
A wants to provide sender authentication and message integrity.
A:
- applies a hash function, H (e.g., MD5), to message m to obtain a message digest;
- encrypts the result of the hash function with her private key to create a digital signature;
- sends both the message (in the clear) and the digital signature.
[Figure: A computes H(m) and K_A-(H(m)) and sends m together with K_A-(H(m)); B applies K_A+ to the signature and compares the result with H(m).]
B:
- applies the hash function, H (e.g., MD5), to message m to obtain a message digest;
- applies A's public key to the signature;
- compares the results of the two operations.

Secure e-mail
A wants to provide secrecy, sender authentication, and message integrity.
A uses three keys: her private key, B's public key, and a newly created symmetric key.
[Figure: A signs m with K_A- to get K_A-(H(m)), encrypts m together with the signature under K_S, encrypts K_S with K_B+, and sends K_S(m, K_A-(H(m))) and K_B+(K_S) over the Internet.]
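One script covering both the certification-authority slides (issuing and verifying a certificate that carries the fields from the table) and the three secure e-mail slides (K_S(m, K_A-(H(m))) together with K_B+(K_S)), as an added example rather than the lecture's or PGP's code. RSA here is textbook RSA (no padding, demo-grade prime generation, 512-bit keys) and the symmetric cipher is a SHA-256 keystream XOR; both are constructed so the script runs with the standard library only, and the CA name, validity numbers and message are constructed too. The receiving side returns None whenever the CA signature, the validity period, or A's signature fails, which is exactly the check each slide relies on:

```python
"""Toy CA + secure e-mail.  Textbook RSA (no padding) and a keystream-XOR cipher,
both constructed for this demo; they show the key flow, not how to build crypto."""
import hashlib
import json
import random


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin; fine for a demo, not a vetted key generator."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def rsa_keygen(bits=512):
    """Return (public (n, e), private (n, d))."""
    def prime(b):
        while True:
            c = random.getrandbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        n, phi, e = p * q, (p - 1) * (q - 1), 65537
        if p != q and phi % e:                     # e must be invertible mod phi
            return (n, e), (n, pow(e, -1, phi))


def rsa_apply(key, value):
    n, exp = key
    return pow(value, exp, n)       # (n, e) encrypts/verifies, (n, d) decrypts/signs


def _sha256_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sym(key, data):
    """K_S(.): XOR with a SHA-256 keystream; applying it twice recovers the data."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


# --- Certification authority: the fields are those of the certificate table ---
def issue_certificate(ca_private, subject, subject_pub, not_before, not_after):
    body = {"version": 3, "serial number": random.getrandbits(64),
            "signature": "toy-RSA-with-SHA256", "issuer name": "Toy CA",
            "validity period": [not_before, not_after], "subject name": subject,
            "subject public key": list(subject_pub)}
    digest = _sha256_int(json.dumps(body, sort_keys=True).encode())
    return {"body": body, "sig": rsa_apply(ca_private, digest)}       # K_CA-(H(body))


def verify_certificate(ca_public, cert, now):
    """Return the subject's public key, or None if the CA signature or validity fails."""
    body = cert["body"]
    if rsa_apply(ca_public, cert["sig"]) != _sha256_int(json.dumps(body, sort_keys=True).encode()):
        return None
    start, end = body["validity period"]
    if not start <= now <= end:
        return None
    return tuple(body["subject public key"])


# --- Secure e-mail: secrecy + sender authentication + integrity ---------------
def send_secure_mail(m, a_private, b_public):
    ks = random.getrandbits(128).to_bytes(16, "big")                  # fresh K_S
    sig = rsa_apply(a_private, _sha256_int(m)).to_bytes(64, "big")   # K_A-(H(m))
    return {"KS_sig_m": sym(ks, sig + m),                             # K_S(signature, m)
            "KB_KS": rsa_apply(b_public, int.from_bytes(ks, "big"))}  # K_B+(K_S)


def receive_secure_mail(pkt, b_private, a_public):
    """B's side: recover K_S, then m and the signature, then check it; None on failure."""
    try:
        ks = rsa_apply(b_private, pkt["KB_KS"]).to_bytes(16, "big")
    except OverflowError:                          # K_B+(K_S) was tampered with
        return None
    inner = sym(ks, pkt["KS_sig_m"])
    sig, m = int.from_bytes(inner[:64], "big"), inner[64:]
    if rsa_apply(a_public, sig) != _sha256_int(m):
        return None
    return m
```

A obtains K_B+ only through verify_certificate, so a certificate signed by some other key, or one used outside its validity period, never yields a key to encrypt to; and B accepts m only if the signature inside the encrypted envelope verifies under K_A+, so a flipped byte anywhere in the ciphertext is rejected rather than delivered.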

Pretty Good Privacy (PGP)
- Internet e-mail encryption scheme, de-facto standard.
- uses symmetric key cryptography, public key cryptography, hash function, and digital signature as described.
- provides secrecy, sender authentication, integrity.
- inventor: Phil Zimmermann.
A PGP signed message:
    ---BEGIN PGP SIGNED MESSAGE---
    Hash: SHA1
    B: Hello there, the journey was very good one…, A
    ---BEGIN PGP SIGNATURE---
    Version: PGP 5.0
    Charset: noconv
    yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJhF
    EvZP9t6n7G6m5Gw2
    ---END PGP SIGNATURE---
A secret PGP message:
    -----BEGIN PGP MESSAGE-----
    Version: PGP 5.0
    u2R4d+/jKmn8Bc5+hgDsqAewsDfrGdszX6
    8liKm5F6Gc4sDfcXyt
    RfdSlOjuHgbcfDssWe7/K=lKhnMikLo0+l
    /BvcX4t==Ujk9PbcD4
    Thdf2awQfgHbnmKlok8iy6gThlp
    -----END PGP MESSAGE


Secure Sockets Layer (SSL)
- transport layer security to any TCP-based application using SSL services.
- used between Web browsers and servers for e-commerce (https).
- security services:
  – server authentication
  – data encryption
  – client authentication (optional)
- server authentication:
  – SSL-enabled browser includes public keys for trusted CAs.
  – Browser requests the server certificate, issued by a trusted CA.
  – Browser uses the CA's public key to extract the server's public key from the certificate.
Do it yourself: check your browser's security menu to see its trusted CAs.

SSL
Encrypted SSL session:
- Browser generates a symmetric session key, encrypts it with the server's public key, and sends the encrypted key to the server.
- Using its private key, the server decrypts the session key.
- Browser and server now know the session key.
  – All data sent into the TCP socket (by client or server) is encrypted with the session key.
- SSL: basis of IETF Transport Layer Security (TLS).
- SSL can be used for non-Web applications, e.g., IMAP.
- Client authentication can be done with client certificates (if needed).


IPsec: Network Layer Security
- Network-layer secrecy:
  – sending host encrypts the data in the IP datagram
  – TCP and UDP segments; ICMP and SNMP messages.
- Network-layer authentication:
  – destination host can authenticate the source IP address.
- Two principal protocols:
  – authentication header (AH) protocol (authentication, integrity)
  – encapsulation security payload (ESP) protocol (authentication, integrity, secrecy)
- For both AH and ESP, source and destination handshake:
  – create a network-layer logical channel called a security association (SA).
- Each SA is unidirectional. Uniquely determined by:
  – security protocol (AH or ESP)
  – source IP address
  – 32-bit connection ID

Authentication Header (AH) Protocol
- provides source authentication and data integrity, no confidentiality.
- AH header inserted between the IP header and the data field.
- protocol field: 51.
- intermediate routers process datagrams as usual.
AH header includes:
- connection identifier (Security Parameter Index, SPI)
- authentication data: source-signed message digest calculated over the original IP datagram.
- next header field: specifies the type of data (e.g., TCP, UDP, ICMP).
[Figure: IP header | AH header | data (e.g., TCP, UDP segment)]

ESP Protocol
- provides secrecy, host authentication, and data integrity.
- next header field is in the ESP trailer.
- data and ESP trailer are encrypted.
- ESP authentication field is similar to the AH authentication field.
- Protocol = 50.
[Figure: IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent. The segment and ESP trailer are encrypted; everything from the ESP header through the ESP trailer is authenticated.]
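A constructed AH datagram and its verification, as an added example (not from the lecture). The layout follows the AH slide: a 20-byte IPv4 header with protocol 51, then the AH header (next header, payload length, SPI, sequence number, ICV), then the unchanged payload. The ICV is HMAC-SHA256 truncated to 128 bits, computed with the mutable IP fields (TOS, flags/fragment offset, TTL, header checksum) zeroed, which is why a router decrementing the TTL does not break it while any change to the payload does. The SA table is keyed the way the IPsec slide describes it (security protocol, source address, SPI); the key and addresses are constructed:

```python
"""Build and verify an IPsec AH datagram (IPv4, transport mode).  Constructed
demo: addresses, SPI and key are made up, and the IP checksum is left zero."""
import hashlib
import hmac
import struct

AH_PROTOCOL = 51
ICV_LEN = 16                       # HMAC-SHA256 truncated to 128 bits


def ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header; checksum left zero (not needed for the demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, ttl, proto, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def _zero_mutable_fields(datagram: bytes, icv_offset: int) -> bytes:
    """AH integrity covers the whole datagram except what routers change in flight:
    TOS, flags/fragment offset, TTL, header checksum, and the ICV field itself."""
    h = bytearray(datagram)
    h[1] = 0                                   # TOS
    h[6:8] = b"\x00\x00"                       # flags + fragment offset
    h[8] = 0                                   # TTL
    h[10:12] = b"\x00\x00"                     # header checksum
    h[icv_offset:icv_offset + ICV_LEN] = bytes(ICV_LEN)
    return bytes(h)


def build_ah_datagram(key: bytes, spi: int, seq: int, inner_proto: int,
                      payload: bytes, src: str, dst: str) -> bytes:
    ah_len = 12 + ICV_LEN
    payload_len_field = ah_len // 4 - 2        # AH length in 32-bit words, minus 2 (RFC 4302)
    ah = struct.pack("!BBHII", inner_proto, payload_len_field, 0, spi, seq) + bytes(ICV_LEN)
    datagram = ipv4_header(src, dst, AH_PROTOCOL, 20 + ah_len + len(payload)) + ah + payload
    icv = hmac.new(key, _zero_mutable_fields(datagram, 32), hashlib.sha256).digest()[:ICV_LEN]
    return datagram[:32] + icv + datagram[32 + ICV_LEN:]


def verify_ah(sa_table: dict, datagram: bytes):
    """Return (next_header, seq, payload) if the ICV verifies under the SA selected by
    (protocol, source IP, SPI) as on the slide; None for any other outcome."""
    if len(datagram) < 32 or datagram[9] != AH_PROTOCOL:
        return None
    src = ".".join(map(str, datagram[12:16]))
    next_hdr, plen, _, spi, seq = struct.unpack("!BBHII", datagram[20:32])
    icv_len = (plen + 2) * 4 - 12
    key = sa_table.get((AH_PROTOCOL, src, spi))
    if key is None or icv_len != ICV_LEN:
        return None
    expected = hmac.new(key, _zero_mutable_fields(datagram, 32), hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(expected, datagram[32:32 + ICV_LEN]):
        return None
    return next_hdr, seq, datagram[32 + ICV_LEN:]
```

The next-header byte in the AH header is what tells the receiver the payload is a TCP segment (6), UDP (17) or ICMP (1) once the AH header is stripped; the sequence number is returned so that a receiver can add the anti-replay window that real IPsec implementations keep per SA.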


Firewalls
A firewall isolates an organization's internal net from the larger Internet, allowing some packets to pass and blocking others.
[Figure: administered network, firewall, public Internet]
Firewalls: why?
- prevent denial of service attacks:
  – flooding: attacker establishes many bogus TCP connections, leaving no resources for "real" connections.
- prevent illegal modification/access of internal data.
  – e.g., attacker replaces CIA's homepage with something else.
- allow only authorized access to the inside network (a set of authenticated users/hosts).

Firewalls
Typical configuration of a firewall:
- Two routers that do packet filtering. These are standard routers equipped with some extra functionality.
- An application gateway that operates at the application level.

Packet Filtering
- internal network connected to the Internet via a router firewall.
- router filters packet-by-packet; the decision to forward/drop a packet is based on:
  – source IP address, destination IP address
  – TCP/UDP source and destination port numbers
  – ICMP message type
  – TCP SYN and ACK bits
Should an arriving packet be allowed in? Should a departing packet be let out?

Packet Filtering
- Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with either source or destination port = 23.
  – All incoming and outgoing UDP flows and telnet connections are blocked.
- Example 2: block inbound TCP segments with ACK = 0.
  – Prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to the outside.

Application Gateways
- Filters packets on application data as well as on IP/TCP/UDP fields.
- Example: allow select internal users to telnet outside.
  1. Require all telnet users to telnet through the gateway.
  2. For authorized users, the gateway sets up a telnet connection to the destination host and relays data between the two connections.
  3. The router filter blocks all telnet connections not originating from the gateway.
[Figure: host-to-gateway telnet session, then gateway-to-remote-host telnet session; the application gateway sits behind the router and filter.]
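The two packet-filtering examples and step 3 of the application-gateway example, written as a small stateless filter (added example, not the lecture's code). Rules match on the fields the packet-filtering slide lists (addresses, protocol, ports, ICMP type, ACK bit); the rule set encodes Example 1, Example 2, and "block all telnet connections not originating from the gateway". The gateway address and the packets are constructed:

```python
"""Stateless packet filter for the firewall slides.  First matching rule wins.
GATEWAY_IP and all packets are constructed values for the demo."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    direction: str                 # "in" (arriving from the Internet) or "out" (departing)
    proto: int                     # 6 = TCP, 17 = UDP, 1 = ICMP
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    syn: bool = False
    ack: bool = False
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    """A field left as None (or an empty ports tuple) matches anything."""
    action: str                    # "drop" or "allow"
    direction: Optional[str] = None
    proto: Optional[int] = None
    src: Optional[str] = None
    dst: Optional[str] = None
    ports: tuple = ()              # matches if the source OR destination port is listed
    ack: Optional[bool] = None
    icmp_type: Optional[int] = None
    note: str = ""

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.proto is None or self.proto == p.proto)
                and (self.src is None or self.src == p.src)
                and (self.dst is None or self.dst == p.dst)
                and (not self.ports or p.sport in self.ports or p.dport in self.ports)
                and (self.ack is None or self.ack == p.ack)
                and (self.icmp_type is None or self.icmp_type == p.icmp_type))


def decide(rules: List[Rule], p: Packet, default: str = "allow") -> str:
    """First matching rule wins.  The slide's examples only name what to block, so the
    default here is allow; a production filter would normally default to drop."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


GATEWAY_IP = "10.0.0.5"            # constructed address of the application gateway

RULES = [
    # Example 1: IP protocol 17 (UDP), in either direction.
    Rule("drop", proto=17, note="all UDP flows"),
    # Gateway step 3: only the gateway may open telnet sessions to the outside,
    # and only replies to those sessions (ACK set) may come back in.
    Rule("allow", direction="out", proto=6, src=GATEWAY_IP, ports=(23,), note="gateway telnet out"),
    Rule("allow", direction="in", proto=6, dst=GATEWAY_IP, ports=(23,), ack=True,
         note="telnet replies to the gateway"),
    # Example 1: every other datagram with source or destination port 23.
    Rule("drop", proto=6, ports=(23,), note="telnet not via the gateway"),
    # Example 2: inbound TCP with ACK=0, i.e. connection attempts from outside.
    Rule("drop", direction="in", proto=6, ack=False, note="inbound TCP ACK=0"),
]
```

Rule order matters: the two gateway allow rules sit above the general telnet drop so that the gateway's own sessions survive, and the ACK=0 rule last so an internal client's outbound SYN (direction "out") is never caught by it while an external SYN (direction "in") is. The `note` field is what a practitioner would log alongside each decision when reviewing why a packet was dropped.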

Limitations of Firewalls and Gateways
- IP spoofing: the router can't know if data "really" comes from the claimed source.
- If multiple applications need special treatment, each has its own application gateway.
- Client software must know how to contact the gateway.
  – e.g., must set the IP address of the proxy in the Web browser.
- Filters often use an all-or-nothing policy for UDP.
- Tradeoff: degree of communication with the outside world vs. level of security.
- Many highly protected sites still suffer from attacks.

Reading Material
- Chapter 7 – text3 (Kurose)
- Chapter 8 – text2 (Tanenbaum)

Notice
Mid term 2 exam marks are available at,
Bonus Marks:
- Old Marking Scheme: Mid Term 1 30%, Mid Term 2 30%, Final Exam 40%
- New Marking Scheme: Mid Term 1 25%, Mid Term 2 25%, Attendance 10%, Final Exam 40%